ID CVE-2008-1688
Summary Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:m4:1.4.1
    cpe:2.3:a:gnu:m4:1.4.1
  • cpe:2.3:a:gnu:m4:1.4.10
    cpe:2.3:a:gnu:m4:1.4.10
  • cpe:2.3:a:gnu:m4:1.4.2
    cpe:2.3:a:gnu:m4:1.4.2
  • cpe:2.3:a:gnu:m4:1.4.3
    cpe:2.3:a:gnu:m4:1.4.3
  • cpe:2.3:a:gnu:m4:1.4.4
    cpe:2.3:a:gnu:m4:1.4.4
  • cpe:2.3:a:gnu:m4:1.4.5
    cpe:2.3:a:gnu:m4:1.4.5
  • cpe:2.3:a:gnu:m4:1.4.6
    cpe:2.3:a:gnu:m4:1.4.6
  • cpe:2.3:a:gnu:m4:1.4.7
    cpe:2.3:a:gnu:m4:1.4.7
  • cpe:2.3:a:gnu:m4:1.4.8
    cpe:2.3:a:gnu:m4:1.4.8
  • cpe:2.3:a:gnu:m4:1.4.9
    cpe:2.3:a:gnu:m4:1.4.9
CVSS
Base: 7.5 (as of 09-04-2008 - 15:35)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2008-098-01.NASL
description New m4 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
last seen 2019-02-21
modified 2018-08-09
plugin id 31802
published 2008-04-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=31802
title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : m4 (SSA:2008-098-01)
refmap via4
bid 28688
mlist
  • [oss-security] 20080406 Re: Security fixes in m4-1.4.11
  • [oss-security] 20080406 Security fixes in m4-1.4.11
osvdb 44272
secunia
  • 29671
  • 29729
slackware SSA:2008-098-01
vupen ADV-2008-1151
xf gnu-m4-producefrozenstate-format-string(41704)
statements via4
contributor Joshua Bressers
lastmodified 2008-04-15
organization Red Hat
statement Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior.
Last major update 07-03-2011 - 22:07
Published 09-04-2008 - 15:05
Last modified 07-08-2017 - 21:30
Back to Top