CVE-2008-4640

2008-10-2118:00:00

CWE-20

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2008-4640

docommand function

jhead.c

arbitrary files

local users

security vulnerability

nvd

5.9 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final “z” character is replaced by a “t” character or (2) a final “t” character is replaced by a “z” character.

CPENameOperatorVersion
sentex:jheadsentex jheadeq2.6
sentex:jheadsentex jheadeq1.5
sentex:jheadsentex jheadeq2.3
sentex:jheadsentex jheadeq2.5
sentex:jheadsentex jheadeq1.3
sentex:jheadsentex jheadeq2.4-2
sentex:jheadsentex jheadeq1.2
sentex:jheadsentex jheadeq1.8
sentex:jheadsentex jheadeq2.0
sentex:jheadsentex jheadeq2.7

CPE	Name	Operator	Version
sentex:jhead	sentex jhead	eq	2.6
sentex:jhead	sentex jhead	eq	1.5
sentex:jhead	sentex jhead	eq	2.3
sentex:jhead	sentex jhead	eq	2.5
sentex:jhead	sentex jhead	eq	1.3
sentex:jhead	sentex jhead	eq	2.4-2
sentex:jhead	sentex jhead	eq	1.2
sentex:jhead	sentex jhead	eq	1.8
sentex:jhead	sentex jhead	eq	2.0
sentex:jhead	sentex jhead	eq	2.7