ID CVE-2008-1391
Summary Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
References
Vulnerable Configurations
  • cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
  • cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2018 - 20:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2008-12-15
bid 28479
bugtraq 20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities
cert TA08-350A
confirm
debian DSA-2058
sectrack 1019722
secunia
  • 29574
  • 33179
sreason 3770
sreasonres 20080325 *BSD libc (strfmon) Multiple vulnerabilities
suse SUSE-SA:2010:052
vupen ADV-2008-3444
xf bsd-strfmon-overflow(41504)
statements via4
contributor Tomas Hoger
lastmodified 2009-09-24
organization Red Hat
statement Red Hat does not consider this to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions.
Last major update 11-10-2018 - 20:33
Published 27-03-2008 - 17:44
Back to Top