Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-3863

Disclosure Date: October 23, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

gnu

Products

enscript 1.6.1,
enscript 1.6.4

References

Canonical

CVE-2008-3863 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863)

BID-31858 (http://www.securityfocus.com/bid/31858)

Advisory

ADV-2008-2891 (http://www.vupen.com/english/advisories/2008/2891)

SECUNIA-32137 (http://secunia.com/advisories/32137)

XF-gnuenscript-readspecialescape-bo(46026) (https://exchange.xforce.ibmcloud.com/vulnerabilities/46026)

SECUNIA-32521 (http://secunia.com/advisories/32521)

http://support.apple.com/kb/HT3549

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

FEDORA-2008-9372 (https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9939

FEDORA-2008-9351 (https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html)

http://www.redhat.com/support/errata/RHSA-2008-1016.html

http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm

USN-660-1 (http://www.ubuntu.com/usn/usn-660-1)

SECUNIA-35074 (http://secunia.com/advisories/35074)

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321

SREASON-4488 (http://securityreason.com/securityalert/4488)

APPLE-SA-2009-05-12 (http://lists.apple.com/archives/security-announce/2009/May/msg00002.html)

GLSA-200812-02 (http://security.gentoo.org/glsa/glsa-200812-02.xml)

20081022 Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow (http://www.securityfocus.com/archive/1/497647/100/0/threaded)

20081117 rPSA-2008-0321-1 enscript (http://www.securityfocus.com/archive/1/498385/100/0/threaded)

https://issues.rpath.com/browse/RPL-2887

SECUNIA-32854 (http://secunia.com/advisories/32854)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:243

SECUNIA-32970 (http://secunia.com/advisories/32970)

SECUNIA-32530 (http://secunia.com/advisories/32530)

DSA-1670 (http://www.debian.org/security/2008/dsa-1670)

TA09-133A (http://www.us-cert.gov/cas/techalerts/TA09-133A.html)

ADV-2009-1297 (http://www.vupen.com/english/advisories/2009/1297)

SECUNIA-32753 (http://secunia.com/advisories/32753)

SECUNIA-33109 (http://secunia.com/advisories/33109)

http://rhn.redhat.com/errata/RHSA-2008-1021.html

Miscellaneous

http://secunia.com/secunia_research/2008-41

Rapid7

Technical Analysis