oss-sec mailing list archives
Re: GNU ed heap overflow
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 4 Sep 2008 13:07:08 -0400 (EDT)
Use CVE-2008-3916... with caveat.

While everything's inter-connected these days and maybe ed can be invoked from some URI handler, or behind some application that passes user input to ed, I'm generally uncomfortable assigning a CVE for this type of "local issue" unless there's a reasonable usage scenario under which the application is reachable (WordNet has reasonable usage scenarios as a back end, for example).

======================================================
Name: CVE-2008-3916
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916
Reference: MLIST:[bug-ed] 20080821 Version 1.0 of GNU ed released
Reference: URL:http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html
Reference: SECTRACK:1020734
Reference: URL:http://www.securitytracker.com/id?1020734
Reference: XF:gnued-stripescapes-bo(44643)
Reference: URL:http://xforce.iss.net/xforce/xfdb/44643

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.