19 matches found
EUVD-2008-1689
Malware in sbrugna...
EUVD-2008-1688
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2008-1688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames...
Linux Distros Unpatched Vulnerability : CVE-2008-1687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent...
Multiple packages, Multiple vulnerabilities fixed in 2010
Background For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Description Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module...
GNU m4格式串及文件名引用漏洞
BUGTRAQ ID: 28688 CVECAN ID: CVE-2008-1687,CVE-2008-1688 GNU M4是广泛应用的GNU宏处理器。 GNU M4的src/freeze.c文件中的producefrozenstate函数存在格式串处理漏洞,如果向m4 -F传送了特制的文件名参数的话,就可能导致执行任意指令。 GNU M4在实现maketemp和mkstemp宏时存在漏洞,如果输出字符串中包含有特殊字符的话,就可能导致处理不正确的文件。 GNU m4 1.4.10 GNU --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...
CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...
CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
Code injection
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
DEBIAN-CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...
Design/Logic Flaw
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...
CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...
CVE-2008-1688
CVE-2008-1688 affects GNU m4 up to version 1.4.10, with the issue arising from how filenames are handled when using -F. The vulnerability is described as allowing context-dependent attackers to execute arbitrary code due to improper filename handling in the code paths related to maketemp/mkstemp ...
CVE-2008-1687
The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...
CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...
CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...