Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 22 Oct 2008 13:00:23 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Jamie Strandboge <jamie@...onical.com>
Subject: Re: CVE request: jhead


So there are 4 CVE's overall (CVE-2008-4575 assigned earlier), with a
SPLIT of the fixed DoCommand issues from the remaining unfixed issues.

- Steve


======================================================
Name: CVE-2008-4575
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: CONFIRM:http://www.sentex.net/~mwandel/jhead/changes.txt
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
Reference: BID:31770
Reference: URL:http://www.securityfocus.com/bid/31770

Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
via (1) a long -cmd argument and (2) unspecified vectors related to "a
bunch of potential string overflows."


======================================================
Name: CVE-2008-4639
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639
Reference: MLIST:[oss-security] 20081015 CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/5
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

jhead.c in Matthias Wandel jhead before 2.84 allows local users to
overwrite arbitrary files via a symlink attack on a temporary file.


======================================================
Name: CVE-2008-4640
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows local users to delete arbitrary files via vectors
involving a modified input filename in which (1) a final "z" character
is replaced by a "t" character or (2) a final "t" character is
replaced by a "z" character.


======================================================
Name: CVE-2008-4641
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641
Reference: MLIST:[oss-security] 20081015 CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/5
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: MLIST:[oss-security] 20081016 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/16/3
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
earlier allows attackers to execute arbitrary commands via shell
metacharacters in unspecified input.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux