CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/achievement_securityalert/53	Exploit
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c
http://securityreason.com/securityalert/3770	Exploit
http://www.securitytracker.com/id?1019722
http://secunia.com/advisories/29574
http://www.securityfocus.com/bid/28479
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
http://secunia.com/advisories/33179
http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
http://support.apple.com/kb/HT3338
http://www.debian.org/security/2010/dsa-2058
http://www.vupen.com/english/advisories/2008/3444
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41504
http://www.securityfocus.com/archive/1/490158/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:6.0:::::::*
	cpe:2.3:o:freebsd:freebsd:6.0:release::::::
	cpe:2.3:o:netbsd:netbsd:4.0:::::::*
	cpe:2.3:o:freebsd:freebsd:6.0:stable::::::
	cpe:2.3:o:freebsd:freebsd:6.0_p5_release:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0:pre-release::::::
	cpe:2.3:o:freebsd:freebsd:7.0_beta4:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0_releng:::::::*

Information

Published : 2008-03-27 10:44

Updated : 2018-10-11 13:33

NVD link : CVE-2008-1391

Mitre link : CVE-2008-1391

JSON object : View

CWE

CWE-189

Numeric Errors

Advertisement

Products Affected

freebsd

freebsd

netbsd

netbsd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://securityreason.com/achievement_securityalert/53", "name": "20080325 *BSD libc (strfmon) Multiple vulnerabilities", "tags": ["Exploit"], "refsource": "SREASONRES"}, {"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c", "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c", "tags": [], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/securityalert/3770", "name": "3770", "tags": ["Exploit"], "refsource": "SREASON"}, {"url": "http://www.securitytracker.com/id?1019722", "name": "1019722", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/29574", "name": "29574", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28479", "name": "28479", "tags": [], "refsource": "BID"}, {"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html", "name": "APPLE-SA-2008-12-15", "tags": [], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/33179", "name": "33179", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html", "name": "TA08-350A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://support.apple.com/kb/HT3338", "name": "http://support.apple.com/kb/HT3338", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2010/dsa-2058", "name": "DSA-2058", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.vupen.com/english/advisories/2008/3444", "name": "ADV-2008-3444", "tags": [], "refsource": "VUPEN"}, {"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html", "name": "SUSE-SA:2010:052", "tags": [], "refsource": "SUSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41504", "name": "bsd-strfmon-overflow(41504)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/490158/100/0/threaded", "name": "20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1391", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-03-27T17:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:33Z"}