Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: GNU Enscript, buffer overflow

December 2008 by Vigil@nce

An attacker can invite the victim to convert a malicious file with
GNU Enscript in order to execute code on his computer.

 Gravity: 2/4
 Consequences: user access/rights
 Provenance: document
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 15/12/2008
 Revision date: 16/12/2008

IMPACTED PRODUCTS

 Red Hat Enterprise Linux
 Unix - plateform

DESCRIPTION

The GNU Enscript program converts a text file to PostScript, HTML
or RTF.

GNU Enscript versions prior to 1.6.4 insecurely use strcpy() and
sprintf() functions. An attacker can therefore generate several
buffer overflows.

An attacker can thus create a malicious text file, and invite the
victim to open it with Enscript in order to execute code on his
computer.

CHARACTERISTICS

 Identifiers: CVE-2008-5078, RHSA-2008:1021-02, VIGILANCE-VUL-8333
 Url: http://vigilance.fr/vulnerability/8333


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts