CVE-2008-4640

Related Files

Mandriva Linux Security Advisory 2009-041

Posted Feb 17, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-041 - Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename. jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. This update provides the latest Jhead to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, shell, local, vulnerability

systems | linux, mandriva

advisories | CVE-2008-4575, CVE-2008-4639, CVE-2008-4640, CVE-2008-4641

SHA-256 | ec03dde18fba49ba3c5a579afa29b6ff1c75dc1ed6f2fc7e6db863639c69172b

Download | Favorite | View

Gentoo Linux Security Advisory 200901-2

Posted Jan 12, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-02 - Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss. Versions less than 2.84-r1 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-4575, CVE-2008-4639, CVE-2008-4640, CVE-2008-4641

SHA-256 | 69352640345ae81ab7981ab3b11c54588fc1cefd02630aad6d89b1768afc9683

Download | Favorite | View