LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

jhead: multiple vulnerabilities

Package(s):jhead CVE #(s):CVE-2008-4639 CVE-2008-4640 CVE-2008-4641
Created:January 12, 2009 Updated:March 5, 2009
Description:

From the Gentoo advisory:

* An insecure creation of a temporary file (CVE-2008-4639).

* A error when unlinking a file (CVE-2008-4640).

* Insufficient escaping of shell metacharacters (CVE-2008-4641).

A remote attacker could possibly execute arbitrary code by enticing a user or automated system to open a file with a long filename or via unspecified vectors. It is also possible to trick a user into deleting or overwriting files.

Alerts:
Fedora FEDORA-2009-1824 2009-02-17
Fedora FEDORA-2009-1776 2009-02-17
Mandriva MDVSA-2009:041 2009-02-17
Gentoo 200901-02 2009-01-11
SuSE SUSE-SR:2009:001 2009-01-12
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds