CVE-2008-3863 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2008-3863
Status Candidate
Description Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
Phase Assigned (29.08.2008)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3863
References APPLE : APPLE-SA-2009-05-12
BID : 31858
BUGTRAQ : 20081022 Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow
CERT : TA09-133A
CONFIRM : http://support.apple.com/kb/HT3549
CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
FEDORA : FEDORA-2008-9351
FEDORA : FEDORA-2008-9372
GENTOO : GLSA-200812-02
MANDRIVA : MDVSA-2008:243
MISC : http://secunia.com/secunia_research/2008-41/
OVAL : oval:org.mitre.oval:def:9939
REDHAT : RHSA-2008:1016
SECUNIA : 32137
SECUNIA : 32521
SECUNIA : 32530
SECUNIA : 32970
SECUNIA : 33109
SECUNIA : 35074
SREASON : 4488
SUSE : SUSE-SR:2008:024
UBUNTU : USN-660-1
VUPEN : ADV-2008-2891
VUPEN : ADV-2009-1297
XF : gnuenscript-readspecialescape-bo(46026)
SecurityVulns: GNU enscript buffer overflow

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server