Lucene search

K

PRIOn knowledge basePRION:CVE-2008-1687

HistoryApr 09, 2008 - 7:05 p.m.

Code injection

2008-04-0919:05:00

PRIOn knowledge base

www.prio-n.com

3

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.0%

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

CPENameOperatorVersion
m4le1.4.10

References

secunia.com/advisories/29671

secunia.com/advisories/29729

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612

www.openwall.com/lists/oss-security/2008/04/07/1

www.openwall.com/lists/oss-security/2008/04/07/12

www.openwall.com/lists/oss-security/2008/04/07/3

www.openwall.com/lists/oss-security/2008/04/07/4

www.securityfocus.com/bid/28688

www.vupen.com/english/advisories/2008/1151/references

exchange.xforce.ibmcloud.com/vulnerabilities/41706

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.0%

Related for PRION:CVE-2008-1687

debiancve1 ubuntucve1 cve1 nessus1 openvas2 slackware1 seebug1