CVE-2008-1391
Published: Mar 27, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Tag |
|---|---|---|
| 28479 | vdb-entry | x_refsource_BID |
| 20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities | mailing-list | x_refsource_BUGTRAQ |
| ADV-2008-3444 | vdb-entry | x_refsource_VUPEN |
| TA08-350A | third-party-advisory | x_refsource_CERT |
| bsd-strfmon-overflow(41504) | vdb-entry | x_refsource_XF |
| 33179 | third-party-advisory | x_refsource_SECUNIA |
| 3770 | third-party-advisory | x_refsource_SREASON |
| SUSE-SA:2010:052 | vendor-advisory | x_refsource_SUSE |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c | | x_refsource_CONFIRM |
| 20080325 *BSD libc (strfmon) Multiple vulnerabilities | third-party-advisory | x_refsource_SREASONRES |
| http://support.apple.com/kb/HT3338 | | x_refsource_CONFIRM |
| DSA-2058 | vendor-advisory | x_refsource_DEBIAN |
| APPLE-SA-2008-12-15 | vendor-advisory | x_refsource_APPLE |
| 1019722 | vdb-entry | x_refsource_SECTRACK |
| 29574 | third-party-advisory | x_refsource_SECUNIA |