CVE-2008-3863 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3863
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3863

Description: Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/46026 UBUNTU http://www.ubuntu.com/usn/usn-660-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html SREASON http://securityreason.com/securityalert/4488 SAID Secunia Advisory: SA35074 Secunia Advisory: SA32137 Secunia Advisory: SA32530 Secunia Advisory: SA33109 Secunia Advisory: SA32970 Secunia Advisory: SA32521 REDHAT http://www.redhat.com/support/errata/RHSA-2008-1016.html MISC http://secunia.com/secunia_research/2008-41/ MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:243 GENTOO http://security.gentoo.org/glsa/glsa-200812-02.xml FEDORA CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm http://support.apple.com/kb/HT3549 CERT http://www.us-cert.gov/cas/techalerts/TA09-133A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497647/100/0/threaded BID 31858 APPLE http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Return to the previous page.