Lucene search

PRIOn knowledge basePRION:CVE-2008-4640

HistoryOct 21, 2008 - 6:00 p.m.

Input validation

2008-10-2118:00:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final “z” character is replaced by a “t” character or (2) a final “t” character is replaced by a “z” character.

CPENameOperatorVersion
jheadeq2.6
jheadeq1.5
jheadeq2.3
jheadeq2.5
jheadeq1.3
jheadeq2.4.2
jheadeq1.2
jheadeq1.8
jheadeq2.0
jheadeq2.7

Name	Operator	Version
jhead	eq	2.6
jhead	eq	1.5
jhead	eq	2.3
jhead	eq	2.5
jhead	eq	1.3
jhead	eq	2.4.2
jhead	eq	1.2
jhead	eq	1.8
jhead	eq	2.0
jhead	eq	2.7

Rows per page:

1-10 of 201

References

www.openwall.com/lists/oss-security/2008/10/16/3

www.openwall.com/lists/oss-security/2008/11/26/4

www.securityfocus.com/bid/32506

bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

6.3 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2008-4640