|
|
CVE Reference: CVE-2008-1391 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-1391 |
|
|
Description: Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/41504 ST 1019722 SREASONRES http://securityreason.com/achievement_securityalert/53 SREASON http://securityreason.com/securityalert/3770 SAID Secunia Advisory: SA29574 Secunia Advisory: SA33179 DEBIAN http://www.debian.org/security/2010/dsa-2058 CONFIRM http://support.apple.com/kb/HT3338 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c CERT http://www.us-cert.gov/cas/techalerts/TA08-350A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/490158/100/0/threaded BID 28479 APPLE http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html |
|
| Return to the previous page. |
