oss-sec mailing list archives

Re: CVE request: jhead

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 22 Oct 2008 13:00:23 -0400 (EDT)


So there are 4 CVE's overall (CVE-2008-4575 assigned earlier), with a
SPLIT of the fixed DoCommand issues from the remaining unfixed issues.

- Steve


======================================================
Name: CVE-2008-4575
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: CONFIRM:http://www.sentex.net/~mwandel/jhead/changes.txt
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
Reference: BID:31770
Reference: URL:http://www.securityfocus.com/bid/31770

Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
via (1) a long -cmd argument and (2) unspecified vectors related to "a
bunch of potential string overflows."


======================================================
Name: CVE-2008-4639
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639
Reference: MLIST:[oss-security] 20081015 CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/5
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

jhead.c in Matthias Wandel jhead before 2.84 allows local users to
overwrite arbitrary files via a symlink attack on a temporary file.


======================================================
Name: CVE-2008-4640
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows local users to delete arbitrary files via vectors
involving a modified input filename in which (1) a final "z" character
is replaced by a "t" character or (2) a final "t" character is
replaced by a "z" character.


======================================================
Name: CVE-2008-4641
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641
Reference: MLIST:[oss-security] 20081015 CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/5
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows attackers to execute arbitrary commands via shell
metacharacters in unspecified input.

Current thread:

CVE request: jhead Jamie Strandboge (Oct 15)
- Re: CVE request: jhead Steven M. Christey (Oct 15)
  - Re: CVE request: jhead John Dong (Oct 16)
    - Re: CVE request: jhead Steven M. Christey (Oct 22)
    - Re: CVE request: jhead Robert Buchholz (Nov 26)
- Re: CVE request: jhead Steven M. Christey (Oct 15)