CVE-2008-1796 - Unspecified vulnerability in Comix 3.6.4
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
comix
nessus
Summary
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Application | | 1 |
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-2993.NASL
description: Several security flaws are reported against comix 3.6.4. One issue is that comix uses os.popen() to execute external commands without handling filenames properly. This may allow malicious users to execute arbitrary commands by opening some files with crafted names. This issue is now identified as CVE-2008-1568. Another issue is that comix creates a directory under /tmp with a name easily predictable by any user. This will cause a DoS attack on multiuser systems. This new package will fix these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 31823
published: 2008-04-11
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/31823
title: Fedora 7 : comix-3.6.4-6.fc7 (2008-2993)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-2981.NASL
description: Several security flaws are reported against comix 3.6.4. One issue is that comix uses os.popen() to execute external commands without handling filenames properly. This may allow malicious users to execute arbitrary commands by opening some files with crafted names. This issue is now identified as CVE-2008-1568. Another issue is that comix creates a directory under /tmp with a name easily predictable by any user. This will cause a DoS attack on multiuser systems. This new package will fix these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 31821
published: 2008-04-11
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/31821
title: Fedora 8 : comix-3.6.4-6.fc8 (2008-2981)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200804-29.NASL
description: The remote host is affected by the vulnerability described in GLSA-200804-29 (Comix: Multiple vulnerabilities). Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs (CVE-2008-1568). Comix also creates directories with predictable names (CVE-2008-1796). Impact: A remote attacker could exploit the first vulnerability by enticing a user to use Comix to open a file with a specially crafted filename, resulting in the execution of arbitrary commands. The second vulnerability could be exploited by a local attacker to cause a Denial of Service by creating a file or directory with the same filename as the predictable filename used by Comix. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 32075
published: 2008-04-28
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/32075
title: GLSA-200804-29 : Comix: Multiple vulnerabilities
References
- http://secunia.com/advisories/29956
- http://security.gentoo.org/glsa/glsa-200804-29.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41854
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html