This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sentex
Product Jhead
Version 1.7
Type Application
First view 2008-10-15
Last view 2008-10-21
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sentex:jhead

Activity : Overall

Related : CVE

CVSS Date Alert Description
10 2008-10-21 CVE-2008-4641

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.

3.6 2008-10-21 CVE-2008-4640

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.

4.6 2008-10-21 CVE-2008-4639

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

5 2008-10-15 CVE-2008-4575

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-20 Improper Input Validation
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
49475 jhead jhead.c DoCommand Function Arbitrary Local File Deletion
49452 jhead jhead.c Temporary File Symlink Arbitrary File Overwrite
49369 jhead jhead.c DoCommand Function Shell Metacharacter Arbitrary Remote Command...
49196 jhead DoCommand Function Command Argument Overflow DoS

OpenVAS Exploits

id Description
2009-03-07 Name : Fedora Core 9 FEDORA-2009-1776 (jhead)
File : nvt/fcore_2009_1776.nasl
2009-03-07 Name : Fedora Core 10 FEDORA-2009-1824 (jhead)
File : nvt/fcore_2009_1824.nasl
2009-02-18 Name : Mandrake Security Advisory MDVSA-2009:041 (jhead)
File : nvt/mdksa_2009_041.nasl
2009-02-17 Name : Fedora Update for jhead FEDORA-2008-8928
File : nvt/gb_fedora_2008_8928_jhead_fc9.nasl
2009-02-17 Name : Fedora Update for jhead FEDORA-2008-8941
File : nvt/gb_fedora_2008_8941_jhead_fc8.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2009-01-13 Name : Gentoo Security Advisory GLSA 200901-02 (jhead)
File : nvt/glsa_200901_02.nasl

Nessus® Vulnerability Scanner

id Description
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_jhead-090108.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_jhead-090108.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-1824.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2009-041.nasl - Type: ACT_GATHER_INFO
2009-03-06 Name: The remote Fedora host is missing a security update.
File: fedora_2009-1776.nasl - Type: ACT_GATHER_INFO
2009-01-12 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200901-02.nasl - Type: ACT_GATHER_INFO
2009-01-11 Name: The remote openSUSE host is missing a security update.
File: suse_jhead-5899.nasl - Type: ACT_GATHER_INFO
2008-10-21 Name: The remote Fedora host is missing a security update.
File: fedora_2008-8928.nasl - Type: ACT_GATHER_INFO
2008-10-21 Name: The remote Fedora host is missing a security update.
File: fedora_2008-8941.nasl - Type: ACT_GATHER_INFO