Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5078

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-5078
Last Modified 21 Aug 2010 01:25:42
Published 19 Dec 2008 12:30:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5078

Summary

Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.

Vulnerable Systems

Application

  • Gnu Escript 1.6.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=473958

XF - enscript-recognize-tilde-bo(47680)

SECTRACK - 1021401

REDHAT - RHSA-2008:1021

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm

SECUNIA - 33181

SUSE - SUSE-SR:2009:005


Last Updated: 27 May 2016 10:48:42