CVE-2008-1568 - OpenCVE

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Comix	Comix

Configuration 1 [-]

cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
http://secunia.com/advisories/29621
http://secunia.com/advisories/29731
http://secunia.com/advisories/29956
http://security.gentoo.org/glsa/glsa-200804-29.xml
http://www.securityfocus.com/bid/28547
https://exchange.xforce.ibmcloud.com/vulnerabilities/41554
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-31T22:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-03-31T00:00:00

Link: CVE-2008-1568

JSON object: View

NVD Information

Status : Modified

Published: 2008-03-31T22:44:00.000

Modified: 2017-08-08T01:30:15.777

Link: CVE-2008-1568

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200804-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29621"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1568", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200804-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29621"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1568", "datePublished": "2008-03-31T22:00:00", "dateReserved": "2008-03-31T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "170E6C1D-73AC-4EA4-AA6B-2542090630E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}, {"lang": "es", "value": "comix 3.6.4 permite a atacantes ejecutar comandos de su elecci\u00f3n a trav\u00e9s de un nombre de archivo que contiene metacaracteres de consola que no son limpiados correctamente cuando se ejecutan los programas rar, unrar, o jpegtran"}], "id": "CVE-2008-1568", "lastModified": "2017-08-08T01:30:15.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-31T22:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29621"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29731"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29956"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28547"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}