From upstream author.

---------- Forwarded message ----------
From: Matthias Wandel
Date: Mon, Oct 27, 2008 at 1:06 PM
Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling
To: Ludovic Rousseau <[EMAIL PROTECTED]>

So what is the security vulnerability? You can use it to delete files, but why not just use "rm"? Unless of course you run it as setuid root, but why would you go out of your way to do that?

Matthias

----- Original Message -----
From: "Ludovic Rousseau" <[EMAIL PROTECTED]>
To: <mwandel>
Sent: Monday, October 27, 2008 4:25 AM
Subject: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

> Hello Matthias,
>
> Are you aware of these new security problems?
> Are you working on the problem?
> Do you plan to release a version 2.85 of jhead with a fix?
>
> Thanks
>
> ---------- Forwarded message ----------
> From: Nico Golde <[EMAIL PROTECTED]>
> Date: Mon, Oct 27, 2008 at 10:10 AM
> Subject: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command
> injection via filename and insecure file handling
> To: [EMAIL PROTECTED]
>
>
> Package: jhead
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for jhead.
>
> CVE-2008-4641[0]:
> | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
> | earlier allows attackers to execute arbitrary commands via shell
> | metacharacters in unspecified input.
>
> CVE-2008-4640[1]:
> | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
> | earlier allows local users to delete arbitrary files via vectors
> | involving a modified input filename in which (1) a final "z" character
> | is replaced by a "t" character or (2) a final "t" character is
> | replaced by a "z" character.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE ids in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641
>     http://security-tracker.debian.net/tracker/CVE-2008-4641
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640
>     http://security-tracker.debian.net/tracker/CVE-2008-4640
>
> --
> Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.
>
>
>
> --
> Dr. Ludovic Rousseau
>

--
Dr. Ludovic Rousseau