CVE-2008-1687
6.3 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.4%
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
References
secunia.com/advisories/29671
secunia.com/advisories/29729
slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612
www.openwall.com/lists/oss-security/2008/04/07/1
www.openwall.com/lists/oss-security/2008/04/07/12
www.openwall.com/lists/oss-security/2008/04/07/3
www.openwall.com/lists/oss-security/2008/04/07/4
www.securityfocus.com/bid/28688
www.vupen.com/english/advisories/2008/1151/references
exchange.xforce.ibmcloud.com/vulnerabilities/41706
Social References
More
Related
6.3 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.4%