Showing 1 - 2 of 2

CVE-2008-4639

Status Candidate

Overview

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Mandriva Linux Security Advisory 2009-041: Posted Feb 17, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-041 - Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename. jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. This update provides the latest Jhead to correct these issues.; tags | advisory, denial of service, overflow, arbitrary, shell, local, vulnerability; systems | linux, mandriva; advisories | CVE-2008-4575, CVE-2008-4639, CVE-2008-4640, CVE-2008-4641; SHA-256 | ec03dde18fba49ba3c5a579afa29b6ff1c75dc1ed6f2fc7e6db863639c69172b; Download | Favorite | View

Gentoo Linux Security Advisory 200901-2: Posted Jan 12, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200901-02 - Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss. Versions less than 2.84-r1 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2008-4575, CVE-2008-4639, CVE-2008-4640, CVE-2008-4641; SHA-256 | 69352640345ae81ab7981ab3b11c54588fc1cefd02630aad6d89b1768afc9683; Download | Favorite | View

Page 1 of 1 Back 1 Next