ID CVE-2008-1687
Summary The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:m4:1.4.10
    cpe:2.3:a:gnu:m4:1.4.10
CVSS
Base: 7.5 (as of 09-04-2008 - 15:27)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2008-098-01.NASL
description New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
last seen 2019-02-21
modified 2018-08-09
plugin id 31802
published 2008-04-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=31802
title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : m4 (SSA:2008-098-01)
refmap via4
bid 28688
mlist
  • [oss-security] 20080406 Re: Security fixes in m4-1.4.11
  • [oss-security] 20080406 Security fixes in m4-1.4.11
  • [oss-security] 20080407 Re: Security fixes in m4-1.4.11
secunia
  • 29671
  • 29729
slackware SSA:2008-098-01
vupen ADV-2008-1151
xf gnu-m4-macros-weak-security(41706)
statements via4
contributor Joshua Bressers
lastmodified 2008-04-15
organization Red Hat
statement Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior.
Last major update 07-03-2011 - 22:07
Published 09-04-2008 - 15:05
Last modified 07-08-2017 - 21:30
Back to Top