Vulnerabilities > CVE-2008-4639 - Unspecified vulnerability in Sentex Jhead

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

sentex

nessus

NVD

Published: 2008-10-21

Updated: 2010-12-28

Summary

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Vulnerable Configurations

Part	Description	Count
Application	Sentex Sentex Jhead 1.2 Sentex Jhead 1.3 Sentex Jhead 1.4 Sentex Jhead 1.5 Sentex Jhead 1.6 Sentex Jhead 1.7 Sentex Jhead 1.8 Sentex Jhead 1.9 Sentex Jhead 2.0 Sentex Jhead 2.1 Sentex Jhead 2.2 Sentex Jhead 2.3 Sentex Jhead 2.4 Sentex Jhead 2.4-1 Sentex Jhead 2.4-2 Sentex Jhead 2.5 Sentex Jhead 2.6 Sentex Jhead 2.7 Sentex Jhead 2.8 Sentex Jhead 2.82 Sentex Jhead *	21

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_JHEAD-090108.NASL
description	This update of jhead fixes several security problems : - CVE-2008-4575: buffer overflow in DoCommand() - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand() allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand()
last seen	2020-06-01
modified	2020-06-02
plugin id	40004
published	2009-07-21
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40004
title	openSUSE Security Update : jhead (jhead-399)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update jhead-399. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40004); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2008-4575", "CVE-2008-4639", "CVE-2008-4640", "CVE-2008-4641"); script_name(english:"openSUSE Security Update : jhead (jhead-399)"); script_summary(english:"Check for the jhead-399 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of jhead fixes several security problems : - CVE-2008-4575: buffer overflow in DoCommand() - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand() allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand()" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=435979" ); script_set_attribute(attribute:"solution", value:"Update the affected jhead package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 59, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jhead"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"jhead-2.82-11.3") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jhead"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_JHEAD-5899.NASL
description	This update of jhead fixes several security problems : - CVE-2008-4575: buffer overflow in DoCommand() - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand() allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand()
last seen	2020-06-01
modified	2020-06-02
plugin id	35331
published	2009-01-11
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35331
title	openSUSE 10 Security Update : jhead (jhead-5899)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update jhead-5899. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(35331); script_version ("1.9"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2008-4575", "CVE-2008-4639", "CVE-2008-4640", "CVE-2008-4641"); script_name(english:"openSUSE 10 Security Update : jhead (jhead-5899)"); script_summary(english:"Check for the jhead-5899 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of jhead fixes several security problems : - CVE-2008-4575: buffer overflow in DoCommand() - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand() allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand()" ); script_set_attribute(attribute:"solution", value:"Update the affected jhead package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 59, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jhead"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2009/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"jhead-2.7-11.3") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jhead"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_JHEAD-090108.NASL
description	This update of jhead fixes several security problems : - CVE-2008-4575: buffer overflow in DoCommand() - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand() allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand()
last seen	2020-06-01
modified	2020-06-02
plugin id	40243
published	2009-07-21
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40243
title	openSUSE Security Update : jhead (jhead-399)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-041.NASL
description	Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) (CVE-2008-4575). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2008-4639). Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename (CVE-2008-4640). jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input (CVE-2008-4641). This update provides the latest Jhead to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	37496
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37496
title	Mandriva Linux Security Advisory : jhead (MDVSA-2009:041)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200901-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-200901-02 (JHead: Multiple vulnerabilities) Marc Merlin and John Dong reported multiple vulnerabilities in JHead: A buffer overflow in the DoCommand() function when processing the cmd argument and related to potential string overflows (CVE-2008-4575). An insecure creation of a temporary file (CVE-2008-4639). A error when unlinking a file (CVE-2008-4640). Insufficient escaping of shell metacharacters (CVE-2008-4641). Impact : A remote attacker could possibly execute arbitrary code by enticing a user or automated system to open a file with a long filename or via unspecified vectors. It is also possible to trick a user into deleting or overwriting files. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	35346
published	2009-01-12
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35346
title	GLSA-200901-02 : JHead: Multiple vulnerabilities

Summary

Vulnerable Configurations

Nessus

References