Vulnerability CVE-2008-3916


Published: 2008-09-04   Modified: 2011-03-07

Description:
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: GNU
Product: ED
Version: 0.9, 0.8, 0.7, 0.6, 0.5, 0.4, 0.3, 0.2

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html
http://xforce.iss.net/xforce/xfdb/44643
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2008/3347
http://www.vupen.com/english/advisories/2008/2642
http://www.vmware.com/security/advisories/VMSA-2009-0003.html
http://www.securitytracker.com/id?1020734
http://www.securityfocus.com/bid/30815
http://www.securityfocus.com/archive/1/archive/1/501298/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2008-0946.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:200
http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm
http://security.gentoo.org/glsa/glsa-200809-15.xml
http://secunia.com/advisories/43068
http://secunia.com/advisories/38794
http://secunia.com/advisories/33005
http://secunia.com/advisories/32460
http://secunia.com/advisories/32349
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10678
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html

Copyright 2017, cxsecurity.com