漏洞信息详情
jhead 'DoCommand()' 任意指令执行漏洞
- CNNVD编号:CNNVD-200810-342
- 危害等级: 中危
- CVE编号: CVE-2008-4641
- 漏洞类型: 输入验证
- 发布时间: 2008-10-21
- 威胁类型: 远程
- 更新时间: 2008-11-15
- 厂 商: sentex
- 漏洞来源: John Dong
漏洞简介
Matthias Wandel jhead中的jhead.c存在的DoCommand函数允许攻击者借助未明输入中的shell字符执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Matthias Wandel jhead 2.83
Matthias Wandel jhead-latest.tar.gz
http://www.sentex.net/~mwandel/jhead/jhead-latest.tar.gz
MandrakeSoft Linux Mandrake 2009.0 x86_64
Mandriva jhead-2.86-0.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.1 x86_64
Mandriva jhead-2.86-0.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva jhead-2.86-0.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.1
Mandriva jhead-2.86-0.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Matthias Wandel jhead 2.84
Matthias Wandel jhead-latest.tar.gz
http://www.sentex.net/~mwandel/jhead/jhead-latest.tar.gz
MandrakeSoft Linux Mandrake 2008.0
Mandriva jhead-2.86-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.0
Mandriva jhead-2.86-0.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
参考网址
来源: bugs.launchpad.net
链接:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
来源: BID
名称: 31921
链接:http://www.securityfocus.com/bid/31921
来源: MLIST
名称: [oss-security] 20081127 Re: CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/11/26/4
来源: MLIST
名称: [oss-security] 20081016 Re: CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/10/16/3
来源: MLIST
名称: [oss-security] 20081015 Re: CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/10/15/6
来源: MLIST
名称: [oss-security] 20081015 CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/10/15/5
受影响实体
- Sentex Jhead:1.3
- Sentex Jhead:1.2
- Sentex Jhead:1.5
- Sentex Jhead:1.4
- Sentex Jhead:2.1
补丁
暂无
评论