Vulnerability CVE-2008-3916


Published: 2008-09-04   Modified: 2011-03-07

Description:
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: GNU
Product: ED 
Version:
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html
http://xforce.iss.net/xforce/xfdb/44643
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2008/3347
http://www.vupen.com/english/advisories/2008/2642
http://www.vmware.com/security/advisories/VMSA-2009-0003.html
http://www.securitytracker.com/id?1020734
http://www.securityfocus.com/bid/30815
http://www.securityfocus.com/archive/1/archive/1/501298/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2008-0946.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:200
http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm
http://security.gentoo.org/glsa/glsa-200809-15.xml
http://secunia.com/advisories/43068
http://secunia.com/advisories/38794
http://secunia.com/advisories/33005
http://secunia.com/advisories/32460
http://secunia.com/advisories/32349
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10678
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html

Related CVE
CVE-2017-16830
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possi...
CVE-2017-16831
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or exce...
CVE-2017-16832
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a d...
CVE-2017-16827
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) ...
CVE-2017-16828
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted...
CVE-2017-16829
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of ser...
CVE-2017-16826
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or po...
CVE-2017-1000383
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs...

Copyright 2017, cxsecurity.com

 

Back to Top