[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: jhead
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-10-22 17:00:23
Message-ID: Pine.GSO.4.51.0810221259240.25959 () faron ! mitre ! org
[Download RAW message or body]


So there are 4 CVE's overall (CVE-2008-4575 assigned earlier), with a
SPLIT of the fixed DoCommand issues from the remaining unfixed issues.

- Steve


======================================================
Name: CVE-2008-4575
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: CONFIRM:http://www.sentex.net/~mwandel/jhead/changes.txt
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
Reference: BID:31770
Reference: URL:http://www.securityfocus.com/bid/31770

Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
via (1) a long -cmd argument and (2) unspecified vectors related to "a
bunch of potential string overflows."


======================================================
Name: CVE-2008-4639
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639
Reference: MLIST:[oss-security] 20081015 CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/5
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

jhead.c in Matthias Wandel jhead before 2.84 allows local users to
overwrite arbitrary files via a symlink attack on a temporary file.


======================================================
Name: CVE-2008-4640
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows local users to delete arbitrary files via vectors
involving a modified input filename in which (1) a final "z" character
is replaced by a "t" character or (2) a final "t" character is
replaced by a "z" character.


======================================================
Name: CVE-2008-4641
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641
Reference: MLIST:[oss-security] 20081015 CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/5
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows attackers to execute arbitrary commands via shell
metacharacters in unspecified input.


[prev in list] [next in list] [prev in thread] [next in thread]