Showing 1 - 4 of 4

CVE-2008-4306

Status Candidate

Overview

Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.

Mandriva Linux Security Advisory 2008-243: Posted Dec 16, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2008-243 - Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled. The updated packages have been patched to prevent these issues.; tags | advisory, overflow, arbitrary, vulnerability; systems | linux, mandriva; advisories | CVE-2008-3863, CVE-2008-4306; SHA-256 | 18a58b49039894f059ca64fe3985a33af581cd963f98cc0093cbaccc56628aae; Download | Favorite | View

Gentoo Linux Security Advisory 200812-2: Posted Dec 2, 2008; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200812-02 - Two buffer overflows in enscript might lead to the execution of arbitrary code. Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the setfilename command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the font escape sequence (CVE-2008-4306). Versions less than 1.6.4-r4 are affected.; tags | advisory, overflow, arbitrary; systems | linux, gentoo, ubuntu; advisories | CVE-2008-3863, CVE-2008-4306; SHA-256 | 8cbd0e0780d7c5ffd3c6367c7776e0d6e14aa37279c75668c254b97bf5515cbf; Download | Favorite | View

Debian Linux Security Advisory 1670-1: Posted Nov 25, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1670-1 - Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2008-3863, CVE-2008-4306; SHA-256 | 392f0bed85e68fa6e0194697606daa62bbd30c5b28d7c3db04fc80753c02e2b6; Download | Favorite | View

Ubuntu Security Notice 660-1: Posted Nov 4, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 660-1 - Ulf Harnhammar discovered multiple stack overflows in enscript's handling of special escape arguments. If a user or automated system were tricked into processing a malicious file with the "-e" option enabled, a remote attacker could execute arbitrary code or cause enscript to crash, possibly leading to a denial of service.; tags | advisory, remote, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2008-3863, CVE-2008-4306; SHA-256 | 84459423b404f0b444e3aeb8cf1ecd2112972ac04d2ded5ee49b2d4d5fe9c5c0; Download | Favorite | View

Page 1 of 1 Back 1 Next