Vigil@nce: GNU Enscript, buffer overflow
December 2008 by Vigil@nce
An attacker can entice a victim into converting a malicious file with
GNU Enscript in order to execute code on the victim's computer.
– Gravity: 2/4
– Consequences: user access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 15/12/2008
– Revision date: 16/12/2008
IMPACTED PRODUCTS
– Red Hat Enterprise Linux
– Unix - platform
DESCRIPTION
The GNU Enscript program converts a text file to PostScript, HTML
or RTF.
GNU Enscript versions prior to 1.6.4 use the strcpy() and sprintf()
functions insecurely. An attacker can therefore trigger several
buffer overflows.
An attacker can thus create a malicious text file, and entice the
victim into opening it with Enscript in order to execute code on the
victim's computer.
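The bug class named above, shown as an added example with bounded replacements for the strcpy() and sprintf() patterns; this is not Enscript's code or its patch. The buffer size, the function names copy_token and build_path, and the path format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_BUF_SIZE 32  /* assumed fixed buffer size, for illustration */

/* Unsafe pattern of the kind the advisory names (not Enscript's own code):
 *     char name[TOKEN_BUF_SIZE];
 *     strcpy(name, token);                     no length check
 *     sprintf(path, "%s/%s.ps", dir, token);   no length check
 * A token from the input file longer than the buffer writes past its end. */

/* Bounded copy: 0 on success, -1 if src does not fit (dst left empty). */
int copy_token(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {       /* need room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Bounded formatting: 0 on success, -1 on error or truncation. */
int build_path(char *dst, size_t dst_size, const char *dir, const char *name)
{
    int n;
    if (dst == NULL || dst_size == 0 || dir == NULL || name == NULL)
        return -1;
    n = snprintf(dst, dst_size, "%s/%s.ps", dir, name);
    if (n < 0 || (size_t)n >= dst_size) {   /* output would be truncated */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[TOKEN_BUF_SIZE], path[64], big[200];
    memset(big, 'A', sizeof big - 1);       /* constructed oversized token */
    big[sizeof big - 1] = '\0';
    printf("short token: %d\n", copy_token(name, sizeof name, "report"));
    printf("long token:  %d\n", copy_token(name, sizeof name, big));
    printf("long path:   %d\n", build_path(path, sizeof path, "/tmp", big));
    return 0;
}
```

Oversized input is rejected rather than silently truncated, so the caller can stop processing the file instead of continuing with a partial value.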
CHARACTERISTICS
– Identifiers: CVE-2008-5078, RHSA-2008:1021-02, VIGILANCE-VUL-8333
– URL: http://vigilance.fr/vulnerability/8333