CVE-2008-1568 Information

Description

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar unrar or jpegtran programs.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840 http://secunia.com/advisories/29621 http://secunia.com/advisories/29731 http://secunia.com/advisories/29956 http://security.gentoo.org/glsa/glsa-200804-29.xml http://www.securityfocus.com/bid/28547 https://exchange.xforce.ibmcloud.com/vulnerabilities/41554 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html