Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-3863HistoryOct 23, 2008 - 10:00 p.m.
CVE-2008-3863
2008-10-2322:00:00
Debian Security Bug Tracker
security-tracker.debian.org
9
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.292 Low
EPSS
Percentile
96.9%
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | enscript | <Β 1.6.4-13 | enscript_1.6.4-13_all.deb |
| Debian | 11 | all | enscript | <Β 1.6.4-13 | enscript_1.6.4-13_all.deb |
| Debian | 10 | all | enscript | <Β 1.6.4-13 | enscript_1.6.4-13_all.deb |
| Debian | 999 | all | enscript | <Β 1.6.4-13 | enscript_1.6.4-13_all.deb |
| Debian | 13 | all | enscript | <Β 1.6.4-13 | enscript_1.6.4-13_all.deb |
Related
nessus
nessus
openSUSE 10 Security Update : enscript (enscript-5719)
2008-11-06 00:00:00
SuSE 10 Security Update : enscript (ZYPP Patch Number 5715)
2008-11-06 00:00:00
SuSE9 Security Update : enscript (YOU Patch Number 12275)
2009-09-24 00:00:00
seebug
seebug
GNU Enscript src/psgen.cζ ζΊ’εΊζΌζ΄
2008-10-23 00:00:00
cve
cve
CVE-2008-3863
2008-10-23 22:00:00
securityvulns
securityvulns
GNU enscript buffer overflow
2008-10-29 00:00:00
Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow
2008-10-29 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
openvas
openvas
SLES10: Security update for enscript
2009-10-13 00:00:00
SLES9: Security update for enscript
2009-10-10 00:00:00
SLES10: Security update for enscript
2009-10-13 00:00:00
cvelist
cvelist
CVE-2008-3863
2008-10-23 21:00:00
prion
prion
Stack overflow
2008-10-23 22:00:00
ubuntucve
ubuntucve
CVE-2008-3863
2008-10-23 00:00:00
CVE-2008-4306
2008-11-04 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:29:06
debian
debian
[SECURITY] [DSA 1670-1] New enscript packages fix arbitrary code execution
2008-11-24 21:01:29
osv
osv
enscript - arbitrary code execution
2008-11-24 00:00:00
redhat
redhat
(RHSA-2008:1016) Moderate: enscript security update
2008-12-15 00:00:00
(RHSA-2008:1021) Moderate: enscript security update
2008-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: enscript-1.6.4-9.fc8
2008-11-06 04:04:23
[SECURITY] Fedora 9 Update: enscript-1.6.4-10.fc9
2008-11-06 04:06:38
freebsd
freebsd
enscript -- arbitrary code execution vulnerability
2008-10-22 00:00:00
gentoo
gentoo
enscript: User-assisted execution of arbitrary code
2008-12-02 00:00:00
oraclelinux
oraclelinux
enscript security update
2008-12-15 00:00:00
enscript security update
2008-12-15 00:00:00
centos
centos
enscript security update
2008-12-16 01:11:43
enscript security update
2008-12-15 16:57:26
enscript security update
2008-12-15 22:08:08
ubuntu
ubuntu
enscript vulnerability
2008-11-03 00:00:00
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.292 Low
EPSS
Percentile
96.9%
Related for DEBIANCVE:CVE-2008-3863