Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-1391
HistoryMar 27, 2008 - 12:00 a.m.

CVE-2008-1391

2008-03-2700:00:00
ubuntu.com
ubuntu.com
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and
probably other BSD and Apple Mac OS platforms allow context-dependent
attackers to execute arbitrary code via large values of certain integer
fields in the format argument to (1) the strfmon function in
lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the
printf function, related to left_prec and right_prec.

Notes

Author Note
kees originally limited to NetBSD php -r β€˜money_format(β€œ%1073741821i”,1);’ php -r β€˜money_format(β€œ%#1073741821i”,1);’ php -r β€˜money_format(β€œ%.1073741821i”,1);’
OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarcheglibc<Β 2.10.1-0ubuntu17UNKNOWN
ubuntu6.06noarchglibc<Β 2.3.6-0ubuntu20.6UNKNOWN
ubuntu8.04noarchglibc<Β 2.7-10ubuntu6UNKNOWN
ubuntu9.04noarchglibc<Β 2.9-4ubuntu6.2UNKNOWN

Related

securityvulns 6
prion 3
cve 3
debiancve 3
seebug 1
ubuntucve 2
openvas 12
nessus 11
ubuntu 1
debian 2
osv 1
suse 1
securityvulns
securityvulns
SecurityReason: glibc x&lt;=2.10.1 stdio/strfmon.c Multiple vulnerabilities
2009-09-18 00:00:00
[securityreason] *BSD libc &#40;strfmon&#41; Multiple vulnerabilities
2008-03-27 00:00:00
Multiple BSD and Linux systems strfmon&#40;&#41; libc / glibc function integer overflow
2009-09-18 00:00:00
prion
prion
Integer overflow
2008-03-27 17:44:00
Integer overflow
2010-06-01 20:30:00
Integer overflow
2010-06-01 20:30:00
cve
cve
CVE-2008-1391
2008-03-27 17:44:00
CVE-2009-4881
2010-06-01 20:30:00
CVE-2009-4880
2010-06-01 20:30:00
debiancve
debiancve
CVE-2008-1391
2008-03-27 17:44:00
CVE-2009-4880
2010-06-01 20:30:00
CVE-2009-4881
2010-06-01 20:30:00
seebug
seebug
倚δΈͺBSD平台'strfmon()'ε‡½ζ•°ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2008-03-29 00:00:00
ubuntucve
ubuntucve
CVE-2009-4881
2010-06-01 00:00:00
CVE-2009-4880
2010-05-24 00:00:00
openvas
openvas
Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1
2010-05-28 00:00:00
Ubuntu: Security Advisory (USN-944-1)
2010-05-28 00:00:00
Debian: Security Advisory (DSA-2058-1)
2010-06-10 00:00:00
nessus
nessus
SuSE9 Security Update : glibc (YOU Patch Number 12641)
2010-10-06 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : glibc, eglibc vulnerabilities (USN-944-1)
2010-05-26 00:00:00
Mandriva Linux Security Advisory : glibc (MDVSA-2010:112)
2010-07-30 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2010-05-25 00:00:00
debian
debian
[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities
2010-06-10 08:13:46
[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities
2010-06-10 08:13:46
osv
osv
glibc - several vulnerabilities
2010-06-10 00:00:00
suse
suse
local privilege escalation in glibc
2010-10-28 13:41:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON
Related for UB:CVE-2008-1391
securityvulns6prion3cve3debiancve3seebug1ubuntucve2openvas12nessus11ubuntu1debian2osv1suse1