Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3229

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-3229
Last Modified 10 Sep 2008 12:00:00
Published 18 Jul 2008 12:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3229

Summary

Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable.

Vulnerable Systems

Application

  • Swapoff Op 1.1.10

  • Swapoff Op 1.1.19

  • Swapoff Op 1.20

  • Swapoff Op 1.21

  • Swapoff Op 1.22

  • Swapoff Op 1.23

  • Swapoff Op 1.24

  • Swapoff Op 1.25

  • Swapoff Op 1.26

  • Swapoff Op 1.27

  • Swapoff Op 1.28

  • Swapoff Op 1.29

  • Swapoff Op 1.30

  • Swapoff Op 1.31

  • Swapoff Op 1.32


References

XF - op-go-bo(43836)

BID - 30226

MLIST - [oss-security] 20080712 CVE id request: op

CONFIRM - http://swapoff.org/changeset/563

SECUNIA - 31103


Last Updated: 27 May 2016 10:48:07