CVE-2008-1568 - Vulnerability Details - OpenCVE

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00793.

Key SSVC decision points have not yet been added.

Vendors	Products
Comix	Comix

Configuration 1 [-]

cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-1569	comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
http://secunia.com/advisories/29621
http://secunia.com/advisories/29731
http://secunia.com/advisories/29956
http://security.gentoo.org/glsa/glsa-200804-29.xml
http://www.securityfocus.com/bid/28547
https://exchange.xforce.ibmcloud.com/vulnerabilities/41554
https://www.cve.org/CVERecord?id=CVE-2008-1568
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2008-1568

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2008-1568 https://www.cve.org/CVERecord?id=CVE-2008-1568

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-31T22:00:00

Updated: 2024-08-07T08:24:42.680Z

Reserved: 2008-03-31T00:00:00

Link: CVE-2008-1568

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-03-31T22:44:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1568

Redhat

Severity : Moderate

Publid Date: 2008-01-27T00:00:00Z

Links: CVE-2008-1568 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200804-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29621"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1568", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200804-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29621"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:24:42.680Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-200804-29", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29621"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1568", "datePublished": "2008-03-31T22:00:00", "dateReserved": "2008-03-31T00:00:00", "dateUpdated": "2024-08-07T08:24:42.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "170E6C1D-73AC-4EA4-AA6B-2542090630E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}, {"lang": "es", "value": "comix 3.6.4 permite a atacantes ejecutar comandos de su elecci\u00f3n a trav\u00e9s de un nombre de archivo que contiene metacaracteres de consola que no son limpiados correctamente cuando se ejecutan los programas rar, unrar, o jpegtran"}], "id": "CVE-2008-1568", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-31T22:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29621"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29731"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29956"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28547"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29731"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}