漏洞信息详情
jhead 'jhead.c' 临时文件攻击漏洞
- CNNVD编号:CNNVD-200810-340
- 危害等级: 低危
- CVE编号: CVE-2008-4639
- 漏洞类型: 后置链接
- 发布时间: 2008-10-21
- 威胁类型: 本地
- 更新时间: 2009-03-25
- 厂 商: sentex
- 漏洞来源: Marc Merlin and Jo...
漏洞简介
Matthias Wandel jhead中的jhead.c允许本地用户借助对一个临时文件的符号链接攻击来复写任意文件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Matthias Wandel jhead 2.83
Matthias Wandel jhead-2.84.tar.gz
http://www.sentex.net/~mwandel/jhead/jhead-2.84.tar.gz
MandrakeSoft Linux Mandrake 2009.0 x86_64
Mandriva jhead-2.86-0.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.1 x86_64
Mandriva jhead-2.86-0.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva jhead-2.86-0.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.1
Mandriva jhead-2.86-0.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.0
Mandriva jhead-2.86-0.1mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.0
Mandriva jhead-2.86-0.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
参考网址
来源: bugs.launchpad.net
链接:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
来源: MLIST
名称: [oss-security] 20090206 Re: CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2009/02/06/5
来源: MLIST
名称: [oss-security] 20081016 Re: CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/10/16/3
来源: MLIST
名称: [oss-security] 20081015 Re: CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/10/15/6
来源: MLIST
名称: [oss-security] 20081015 CVE request: jhead
链接:http://www.openwall.com/lists/oss-security/2008/10/15/5
受影响实体
- Sentex Jhead:1.3
- Sentex Jhead:1.2
- Sentex Jhead:1.5
- Sentex Jhead:1.4
- Sentex Jhead:2.1
补丁
暂无
评论