Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.6
CVE Id CVE-2008-3863
Last Modified 05 Nov 2012 11:07:49
Published 23 Oct 2008 06:00:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-3863

Summary

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

Vulnerable Systems

Application

  • GNU Enscript 1.6.1

  • GNU Enscript 1.6.4


References

CERT - TA09-133A

FEDORA - FEDORA-2008-9372

FEDORA - FEDORA-2008-9351

XF - gnuenscript-readspecialescape-bo(46026)

VUPEN - ADV-2009-1297

VUPEN - ADV-2008-2891

UBUNTU - USN-660-1

BID - 31858

BUGTRAQ - 20081022 Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow

REDHAT - RHSA-2008:1016

MANDRIVA - MDVSA-2008:243

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm

CONFIRM - http://support.apple.com/kb/HT3549

SREASON - 4488

GENTOO - GLSA-200812-02

MISC - http://secunia.com/secunia_research/2008-41/

SECUNIA - 35074

SECUNIA - 33109

SECUNIA - 32970

SECUNIA - 32530

SECUNIA - 32521

SECUNIA - 32137

SUSE - SUSE-SR:2008:024

APPLE - APPLE-SA-2009-05-12

CONFIRM - https://issues.rpath.com/browse/RPL-2887

BUGTRAQ - 20081117 rPSA-2008-0321-1 enscript

DEBIAN - DSA-1670

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321

SECUNIA - 32854

SECUNIA - 32753

REDHAT - RHSA-2008:1021

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Novell SUSE 2008:5715 enscript security update for SLE 10 i586


Last Updated: 27 May 2016 10:49:48