Vigil@nce: jhead, several vulnerabilities
March 2009 by Vigil@nce
Several jhead vulnerabilities can be used by an attacker to
execute code.
– Gravity: 2/4
– Consequences: user access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 4
– Creation date: 06/03/2009
IMPACTED PRODUCTS
– Fedora
– Mandriva Linux
– Novell Linux Desktop
– Novell Open Enterprise Server
– OpenSUSE
– SUSE LINUX Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The jhead program handles EXIF data stored in JPEG images. It is
impacted by four vulnerabilities.
An attacker can generate a buffer overflow in DoCommand in order
to execute code. [grav:2/4; CVE-2008-4575]
A local attacker can use a symbolic link to force jhead to
overwrite a local file. [grav:1/4; CVE-2008-4639]
An attacker can force DoCommand to delete a local file. [grav:1/4;
CVE-2008-4640]
An attacker can use shell escaping characters to force DoCommand
to execute a command. [grav:2/4; CVE-2008-4641]
CHARACTERISTICS
– Identifiers: CVE-2008-4575, CVE-2008-4639, CVE-2008-4640,
CVE-2008-4641, FEDORA-2008-8928, FEDORA-2008-8941,
FEDORA-2009-1776, FEDORA-2009-1824, MDVSA-2009:041,
SUSE-SR:2009:001, VIGILANCE-VUL-8514
– Url: http://vigilance.fr/vulnerability/jhead-several-vulnerabilities-8514