Critical severity9.8NVD Advisory· Published Feb 2, 2010· Updated Apr 29, 2026

CVE-2009-4013

Description

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.

Affected products

Debian/Lintian
cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
Range: >=1.23.0,<=1.23.28
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packages.qa.debian.org/l/lintian/news/20100128T015554Z.htmlnvdMailing ListPatch
www.securityfocus.com/bid/37975nvdBroken LinkPatchThird Party AdvisoryVDB Entry
secunia.com/advisories/38375nvdBroken LinkVendor Advisory
secunia.com/advisories/38379nvdBroken LinkVendor Advisory
www.debian.org/security/2010/dsa-1979nvdThird Party Advisory
www.ubuntu.com/usn/USN-891-1nvdThird Party Advisory
packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelognvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000