CVE-2008-3863

Related Files

Mandriva Linux Security Advisory 2008-243

Posted Dec 16, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-243 - Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled. The updated packages have been patched to prevent these issues.

tags | advisory, overflow, arbitrary, vulnerability

systems | linux, mandriva

advisories | CVE-2008-3863, CVE-2008-4306

SHA-256 | 18a58b49039894f059ca64fe3985a33af581cd963f98cc0093cbaccc56628aae

Download | Favorite | View

Gentoo Linux Security Advisory 200812-2

Posted Dec 2, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-02 - Two buffer overflows in enscript might lead to the execution of arbitrary code. Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the setfilename command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the font escape sequence (CVE-2008-4306). Versions less than 1.6.4-r4 are affected.

tags | advisory, overflow, arbitrary

systems | linux, gentoo, ubuntu

advisories | CVE-2008-3863, CVE-2008-4306

SHA-256 | 8cbd0e0780d7c5ffd3c6367c7776e0d6e14aa37279c75668c254b97bf5515cbf

Download | Favorite | View

Debian Linux Security Advisory 1670-1

Posted Nov 25, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1670-1 - Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2008-3863, CVE-2008-4306

SHA-256 | 392f0bed85e68fa6e0194697606daa62bbd30c5b28d7c3db04fc80753c02e2b6

Download | Favorite | View

Ubuntu Security Notice 660-1

Posted Nov 4, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 660-1 - Ulf Harnhammar discovered multiple stack overflows in enscript's handling of special escape arguments. If a user or automated system were tricked into processing a malicious file with the "-e" option enabled, a remote attacker could execute arbitrary code or cause enscript to crash, possibly leading to a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, ubuntu

advisories | CVE-2008-3863, CVE-2008-4306

SHA-256 | 84459423b404f0b444e3aeb8cf1ecd2112972ac04d2ded5ee49b2d4d5fe9c5c0

Download | Favorite | View

secunia-enscript.txt

Posted Oct 22, 2008

Authored by Ulf Harnhammar | Site secunia.com

Secunia Research has discovered a vulnerability in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "read_special_escape()" function in src/psgen.c. This can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file. Successful exploitation allows execution of arbitrary code, but requires that special escapes processing is enabled with the "-e" option. GNU Enscript versions 1.6.1 and 1.6.4 beta are vulnerable.

tags | advisory, overflow, arbitrary

advisories | CVE-2008-3863

SHA-256 | 8a7d447dd69db4f8d793cacd7994b607c6795026d0ed31d75ebc239dfccf920d

Download | Favorite | View