Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4640

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2008-4640
Last Modified 03 Dec 2008 01:45:12
Published 21 Oct 2008 02:00:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4640

Summary

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.

Vulnerable Systems

Application

  • Sentex Jhead 1.2

  • Sentex Jhead 1.3

  • Sentex Jhead 1.4

  • Sentex Jhead 1.5

  • Sentex Jhead 1.6

  • Sentex Jhead 1.7

  • Sentex Jhead 1.8

  • Sentex Jhead 1.9

  • Sentex Jhead 2.0

  • Sentex Jhead 2.1

  • Sentex Jhead 2.2

  • Sentex Jhead 2.3

  • Sentex Jhead 2.4

  • Sentex Jhead 2.4-1

  • Sentex Jhead 2.4-2

  • Sentex Jhead 2.5

  • Sentex Jhead 2.6

  • Sentex Jhead 2.7

  • Sentex Jhead 2.8

  • Sentex Jhead 2.82


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

BID - 32506

MLIST - [oss-security] 20081127 Re: CVE request: jhead

MLIST - [oss-security] 20081016 Re: CVE request: jhead


Last Updated: 27 May 2016 10:48:34