PT-2008-3127 · Jpegtran+3 · Jpegtran+3

Hhaamu

·

Publicado

2008-03-31

·

Atualizado

2017-08-08

·

CVE-2008-1568

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions comix version 3.6.4
Description The issue allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
Recommendations For comix version 3.6.4, consider updating to a newer version that properly sanitizes filenames to prevent command execution. As a temporary workaround, restrict the use of the rar, unrar, and jpegtran programs within comix until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-1568

Produtos afetados

Comix
Jpegtran
Rar
Unrar