8 matches found
Linux Distros Unpatched Vulnerability : CVE-2008-1687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent...
SUSE CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
Slackware: Security Advisory (SSA:2008-098-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GNU m4格式串及文件名引用漏洞
BUGTRAQ ID: 28688 CVECAN ID: CVE-2008-1687,CVE-2008-1688 GNU M4是广泛应用的GNU宏处理器。 GNU M4的src/freeze.c文件中的producefrozenstate函数存在格式串处理漏洞,如果向m4 -F传送了特制的文件名参数的话,就可能导致执行任意指令。 GNU M4在实现maketemp和mkstemp宏时存在漏洞,如果输出字符串中包含有特殊字符的话,就可能导致处理不正确的文件。 GNU m4 1.4.10 GNU --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
CVE-2008-1687
The CVE-2008-1687 issue affects GNU m4 up to version 1.4.10; the maketemp and mkstemp builtins do not quote their output when creating a file, which can let an attacker trigger a macro expansion and cause the program to use an incorrect filename. The root cause is unquoted output during file crea...
CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
[slackware-security] m4
New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-1687...