Lucene search

[email protected]CVE-2008-1568

HistoryMar 31, 2008 - 10:44 p.m.

CVE-2008-1568

2008-03-3122:44:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-1568

comix

arbitrary command execution

unsanitized filenames

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.1%

JSON

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

CPENameOperatorVersion
comix:comixcomixeq3.6.4

CPE	Name	Operator	Version
comix:comix	comix	eq	3.6.4

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840

secunia.com/advisories/29621

secunia.com/advisories/29731

secunia.com/advisories/29956

security.gentoo.org/glsa/glsa-200804-29.xml

www.securityfocus.com/bid/28547

exchange.xforce.ibmcloud.com/vulnerabilities/41554

www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2008-1568

prion1 fedora2 openvas6 ubuntucve1 debiancve1 cvelist1 securityvulns2 nessus3 gentoo1