CVE-2009-2946 | Vulnerability Database | Aqua Security

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

Affected Software

Name	Vendor	Start Version	End Version
Devscripts	Devscripts_devel_team	*	*
Devscripts	Ubuntu	dapper	*
Devscripts	Ubuntu	devel	*
Devscripts	Ubuntu	hardy	*
Devscripts	Ubuntu	intrepid	*
Devscripts	Ubuntu	jaunty	*
Devscripts	Ubuntu	upstream	*

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209
http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1
http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0
http://www.debian.org/security/2009/dsa-1878
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209
http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1
http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0
http://www.debian.org/security/2009/dsa-1878

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-2946
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html