Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1568

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1568
Last Modified 15 Nov 2008 02:11:40
Published 31 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1568

Summary

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

Vulnerable Systems

Application

  • Comix 3.6.4


References

GENTOO - GLSA-200804-29

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840

FEDORA - FEDORA-2008-2993

FEDORA - FEDORA-2008-2981

XF - comix-filename-command-execution(41554)

BID - 28547

SECUNIA - 29956

SECUNIA - 29731

SECUNIA - 29621


Last Updated: 27 May 2016 10:47:34