CVE-2008-4641
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
| Software | From | Fixed in |
|---|---|---|
| sentex / jhead | 2.6 | 2.6.x |
| sentex / jhead | 1.5 | 1.5.x |
| sentex / jhead | 2.3 | 2.3.x |
| sentex / jhead | 2.5 | 2.5.x |
| sentex / jhead | 1.3 | 1.3.x |
| sentex / jhead | 2.4-2 | 2.4-2.x |
| sentex / jhead | 1.2 | 1.2.x |
| sentex / jhead | 1.8 | 1.8.x |
| sentex / jhead | 2.0 | 2.0.x |
| sentex / jhead | 2.7 | 2.7.x |
| sentex / jhead | 2.4-1 | 2.4-1.x |
| sentex / jhead | 1.6 | 1.6.x |
| sentex / jhead | 2.4 | 2.4.x |
| sentex / jhead | 1.9 | 1.9.x |
| sentex / jhead | 1.7 | 1.7.x |
| sentex / jhead | 1.4 | 1.4.x |
| sentex / jhead | 2.1 | 2.1.x |
| sentex / jhead | - | 2.82.x |
| sentex / jhead | 2.8 | 2.8.x |
| sentex / jhead | 2.2 | 2.2.x |
- http://www.openwall.com/lists/oss-security/2008/10/15/5
- http://www.openwall.com/lists/oss-security/2008/10/15/6
- http://www.openwall.com/lists/oss-security/2008/10/16/3
- http://www.openwall.com/lists/oss-security/2008/11/26/4
- http://www.securityfocus.com/bid/31921
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime