Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-05 Thread Ludovic Rousseau
On Tue, Nov 4, 2008 at 1:29 PM, Matthias Wandel [EMAIL PROTECTED] wrote: Ok, I changed the mkstemp back to mktemp. Do you plan to release the 2.85 version soon? I can only find version 2.84 on [1]. Bye [1] http://www.sentex.net/~mwandel/jhead/ -- Dr. Ludovic Rousseau

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-04 Thread Matthias Wandel
Wandel [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 5:13 AM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling Hello Matthias, On 3-nov-08, at 16:04, Matthias Wandel wrote: Ok, I have integrated this patch

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-04 Thread Bruno De Fraine
Hello Matthias, On 3-nov-08, at 16:04, Matthias Wandel wrote: Ok, I have integrated this patch, plus a temp file patch that was submitted, and uploaded it as the head rev copy on the website. The head rev version number has been changed to 2.85. I have made sure it works under Windows,

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-04 Thread Matthias Wandel
-4641 command injection via filename and insecure file handling Hello Matthias, On 3-nov-08, at 16:04, Matthias Wandel wrote: Ok, I have integrated this patch, plus a temp file patch that was submitted, and uploaded it as the head rev copy on the website. The head rev version number has

Bug#504194: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-03 Thread Bruno De Fraine
Hello Nico, On 01 Nov 2008, at 16:00, Nico Golde wrote: If I understand correctly it will just delete files with names derived from existing files. It cannot be used to delete arbitrary files. Why is this unlink needed anyway? Any existing file in the position of the temporary output file

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-03 Thread Matthias Wandel
Ok, I have integrated this patch, plus a temp file patch that was submitted, and uploaded it as the head rev copy on the website. The head rev version number has been changed to 2.85. I have made sure it works under Windows, and done some quick checks under Linux. Let me know if it's good for

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-01 Thread Nico Golde
Hi Bruno, * Bruno De Fraine [EMAIL PROTECTED] [2008-10-29 18:43]: [...] Nico, do you think this would be sufficient to rule out the vulnerability? I didn't get this message because you didn't CC me. I just had a look at the applied patch and I think this is sufficient. You didn't fix

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-01 Thread Ludovic Rousseau
On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde [EMAIL PROTECTED] wrote: Hi Bruno, * Bruno De Fraine [EMAIL PROTECTED] [2008-10-29 18:43]: [...] Nico, do you think this would be sufficient to rule out the vulnerability? I didn't get this message because you didn't CC me. I just had a look at the

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-01 Thread Nico Golde
Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-11-01 15:55]: On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde [EMAIL PROTECTED] wrote: Hi Bruno, * Bruno De Fraine [EMAIL PROTECTED] [2008-10-29 18:43]: [...] Nico, do you think this would be sufficient to rule out the vulnerability? I

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-01 Thread Ludovic Rousseau
clone 503645 -1 reopen -1 retitle -1 CVE-2008-4640: insecure file handling thank Nico Golde wrote: Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-11-01 15:55]: On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde [EMAIL PROTECTED] wrote: Hi Bruno, * Bruno De Fraine [EMAIL PROTECTED]

Bug#504194: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-01 Thread Ludovic Rousseau
severity 504194 important thank On Sat, Nov 1, 2008 at 4:36 PM, Ludovic Rousseau [EMAIL PROTECTED] wrote: Nico Golde wrote: Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-11-01 15:55]: If I understand correctly it will just delete files with names derived from existing files. It

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-30 Thread Bruno De Fraine
Hello, After looking at the documentation of my shell, I propose the following patch for the command injection problem. (I assume this works for other Unix shells as well.) Demo with some maliciously crafted file names: $ ./jhead -cmd ls i foo.jpg* Cmd:ls foo.jpg\`date\` foo.jpg`date`

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-29 Thread Bruno De Fraine
Hello, Regarding the shell escapes, I agree with Ludovic that ultimately it would be cleaner to use exec in place of system. However, the -cmd switch of jhead is designed to accept an _entire shell string_ with placeholders: jhead -cmd mogrify -quality 80 i *.jpg Considering this

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-29 Thread Matthias Wandel
Ah, now I remember. That's why I didn't change it, especially because the rest of jhead just layers on top of the jhead -cmd functionality. Matthias - Original Message - From: Bruno De Fraine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, October 29,

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-28 Thread Ludovic Rousseau
On Mon, Oct 27, 2008 at 5:03 PM, Nico Golde [EMAIL PROTECTED] wrote: Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-27 16:47]: On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the security vulnerability? You can use it to delete files, but

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-28 Thread Nico Golde
Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-28 12:27]: On Mon, Oct 27, 2008 at 5:03 PM, Nico Golde [EMAIL PROTECTED] wrote: * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-27 16:47]: On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-27 Thread Nico Golde
Package: jhead Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for jhead. CVE-2008-4641[0]: | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and | earlier allows attackers to execute arbitrary commands via shell |

Bug#503645: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-27 Thread Ludovic Rousseau
From upstream author. -- Forwarded message -- From: Matthias Wandel Date: Mon, Oct 27, 2008 at 1:06 PM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling To: Ludovic Rousseau [EMAIL PROTECTED] So what

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-27 Thread Ludovic Rousseau
On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the security vulnerability? You can use it to delete files, but why not just use rm? If I understand correctly we have two problems (from [1]) 2 - unsafe temp file creation 4 - shell escapes I think unsafe

Bug#503645: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-27 Thread Nico Golde
Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-27 15:14]: From upstream author. -- Forwarded message -- From: Matthias Wandel Date: Mon, Oct 27, 2008 at 1:06 PM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename

Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-27 Thread Nico Golde
Hi Ludovic, * Ludovic Rousseau [EMAIL PROTECTED] [2008-10-27 16:47]: On Mon, Oct 27, 2008 at 1:06 PM, Matthias Wandel [EMAIL PROTECTED] wrote: So what is the security vulnerability? You can use it to delete files, but why not just use rm? If I understand correctly we have two problems

Bug#503645: Fwd: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-10-27 Thread Ludovic Rousseau
From upstream. -- Forwarded message -- From: Matthias Wandel [EMAIL PROTECTED] Date: Mon, Oct 27, 2008 at 4:13 PM Subject: Re: Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling To: Ludovic Rousseau [EMAIL PROTECTED] Ah