New Search

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges this issue only crosses privilege boundaries when ed is invoked as a third-party component.

oval:org.mitre.oval:def:10678

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges this issue only crosses privilege boundaries when ed is invoked as a third-party component.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 3
  • Oracle Linux 5
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • CentOS Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2008-3916
Product(s):