Lucene search

PRIOn knowledge basePRION:CVE-2008-3916

HistorySep 04, 2008 - 6:41 p.m.

Heap overflow

2008-09-0418:41:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.4%

JSON

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

CPENameOperatorVersion
edeq0.3
edeq0.7
edeq0.6
edeq0.4
edeq0.2
edeq0.9
edeq0.5
edeq0.8

Name	Operator	Version
ed	eq	0.3
ed	eq	0.7
ed	eq	0.6
ed	eq	0.4
ed	eq	0.2
ed	eq	0.9
ed	eq	0.5
ed	eq	0.8

References

lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

secunia.com/advisories/32349

secunia.com/advisories/32460

secunia.com/advisories/33005

secunia.com/advisories/38794

secunia.com/advisories/43068

security.gentoo.org/glsa/glsa-200809-15.xml

support.avaya.com/elmodocs2/security/ASA-2008-461.htm

www.mandriva.com/security/advisories?name=MDVSA-2008:200

www.redhat.com/support/errata/RHSA-2008-0946.html

www.securityfocus.com/archive/1/501298/100/0/threaded

www.securityfocus.com/bid/30815

www.securitytracker.com/id?1020734

www.vmware.com/security/advisories/VMSA-2009-0003.html

www.vupen.com/english/advisories/2008/2642

www.vupen.com/english/advisories/2008/3347

www.vupen.com/english/advisories/2010/0528

www.vupen.com/english/advisories/2011/0212

exchange.xforce.ibmcloud.com/vulnerabilities/44643

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678

www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html