Message-ID: <Pine.GSO.4.51.0810151432500.15058@faron.mitre.org>
Date: Wed, 15 Oct 2008 14:34:45 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com, Jamie Strandboge <jamie@...onical.com>
cc: jdong@...ntu.com
Subject: Re: CVE request: jhead


Here's the current writeup for CVE-2008-4575.

Jamie and John - don't feel forced to publish more specific details, just
knowing the bug types (and whether upstream fixed *all* the overflows in
2.84, or just some) is enough.

- Steve

======================================================
Name: CVE-2008-4575
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4575
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/15/6
Reference: CONFIRM:http://www.sentex.net/~mwandel/jhead/changes.txt
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020

Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
via (1) a long -cmd argument and (2) possibly other unspecified
vectors.

