1. CVE-Search
  2. CVE-2008-1688
ID CVE-2008-1688
Summary Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:m4:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:m4:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:m4:1.4.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-08-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 28688
mlist
  • [oss-security] 20080406 Re: Security fixes in m4-1.4.11
  • [oss-security] 20080406 Security fixes in m4-1.4.11
osvdb 44272
secunia
  • 29671
  • 29729
slackware SSA:2008-098-01
vupen ADV-2008-1151
xf gnu-m4-producefrozenstate-format-string(41704)
statements via4
contributor Joshua Bressers
lastmodified 2008-04-15
organization Red Hat
statement Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior.
Last major update 08-08-2017 - 01:30
Published 09-04-2008 - 19:05
Last modified 08-08-2017 - 01:30
Back to Top