CVE-2008-1568 - OpenCVE

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Comix	Comix

Configuration 1 [-]

cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
http://secunia.com/advisories/29621
http://secunia.com/advisories/29731
http://secunia.com/advisories/29956
http://security.gentoo.org/glsa/glsa-200804-29.xml
http://www.securityfocus.com/bid/28547
https://exchange.xforce.ibmcloud.com/vulnerabilities/41554
https://nvd.nist.gov/vuln/detail/CVE-2008-1568
https://www.cve.org/CVERecord?id=CVE-2008-1568
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-31T22:00:00

Updated: 2024-08-07T08:24:42.680Z

Reserved: 2008-03-31T00:00:00

Link: CVE-2008-1568

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-31T22:44:00.000

Modified: 2017-08-08T01:30:15.777

Link: CVE-2008-1568

Redhat

Severity : Moderate

Publid Date: 2008-01-27T00:00:00Z

Links: CVE-2008-1568 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200804-29", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29621"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1568", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200804-29", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29621"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:24:42.680Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-200804-29", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"name": "FEDORA-2008-2981", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"name": "comix-filename-command-execution(41554)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"name": "29731", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29731"}, {"name": "28547", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28547"}, {"name": "FEDORA-2008-2993", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}, {"name": "29956", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29956"}, {"name": "29621", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29621"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1568", "datePublished": "2008-03-31T22:00:00", "dateReserved": "2008-03-31T00:00:00", "dateUpdated": "2024-08-07T08:24:42.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:comix:comix:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "170E6C1D-73AC-4EA4-AA6B-2542090630E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs."}, {"lang": "es", "value": "comix 3.6.4 permite a atacantes ejecutar comandos de su elecci\u00f3n a trav\u00e9s de un nombre de archivo que contiene metacaracteres de consola que no son limpiados correctamente cuando se ejecutan los programas rar, unrar, o jpegtran"}], "id": "CVE-2008-1568", "lastModified": "2017-08-08T01:30:15.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-31T22:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29621"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29731"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29956"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-29.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28547"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41554"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}