CVE-2008-4575

Sažetak

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."

Reference

http://secunia.com/advisories/32363
http://www.openwall.com/lists/oss-security/2008/10/15/6
http://www.securityfocus.com/bid/31770
http://www.sentex.net/~mwandel/jhead/changes.txt
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

10-02-2009 - 06:55

Objavljeno

15-10-2008 - 20:07