Vulnerability Name:

CVE-2008-1391 (CCN-41504)

Assigned:2008-03-27
Published:2008-03-27
Updated:2018-10-11
Summary:Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Mar 27 2008 - 09:09:49 CDT
[securityreason] *BSD libc (strfmon) Multiple vulnerabilities

Source: MITRE
Type: CNA
CVE-2008-1391

Source: CCN
Type: NetBSD CVS Repository
CVS log for src/lib/libc/stdlib/strfmon.c

Source: CONFIRM
Type: UNKNOWN
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-12-15

Source: CCN
Type: SA29574
FreeBSD "strfmon()" Multiple Integer Overflows

Source: SECUNIA
Type: UNKNOWN
29574

Source: CCN
Type: SA33179
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33179

Source: SREASONRES
Type: Exploit
20080325 *BSD libc (strfmon) Multiple vulnerabilities

Source: CCN
Type: SecurityReason Advisory SecurityAlert : 67
glibc x<=2.10.1 stdio/strfmon.c Multiple Vulnerabilities

Source: SREASON
Type: Exploit
3770

Source: CCN
Type: SECTRACK ID: 1019722
libc strfmon() Integer Overflows May Let Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3338

Source: DEBIAN
Type: UNKNOWN
DSA-2058

Source: DEBIAN
Type: DSA-2058
eglibc -- multiple vulnerabilities

Source: CCN
Type: FreeBSD Web site
FreeBSD

Source: CCN
Type: GNU Web site
GNU C Library

Source: CCN
Type: OSVDB ID: 43837
FreeBSD libc strfmon() Multiple Overflows

Source: CCN
Type: OSVDB ID: 65079
GNU C Library (glibc) stdlib/strfmon_l.c __vstrfmon_l Function Format String Overflow DoS

Source: CCN
Type: OSVDB ID: 65080
GNU C Library (glibc) strfmon Implementation Crafted Format String Overflow DoS

Source: BUGTRAQ
Type: UNKNOWN
20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities

Source: BID
Type: UNKNOWN
28479

Source: CCN
Type: BID-28479
Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness

Source: CCN
Type: BID-36443
GNU glibc 'strfmon()' Function Integer Overflow Weakness

Source: SECTRACK
Type: UNKNOWN
1019722

Source: CCN
Type: USN-944-1
GNU C Library vulnerabilities

Source: CERT
Type: US Government Resource
TA08-350A

Source: VUPEN
Type: UNKNOWN
ADV-2008-3444

Source: XF
Type: UNKNOWN
bsd-strfmon-overflow(41504)

Source: XF
Type: UNKNOWN
bsd-strfmon-overflow(41504)

Source: SUSE
Type: UNKNOWN
SUSE-SA:2010:052

Source: SUSE
Type: SUSE-SA:2010:052
Linux kernel security update

Vulnerable Configuration:Configuration 1:
  • cpe:/o:freebsd:freebsd:6.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:4.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.0:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • AND
  • cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20081391
    V
    		CVE-2008-1391
    2022-05-20
    oval:org.mitre.oval:def:12941
    P
    		USN-944-1 -- glibc, eglibc vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13533
    P
    		DSA-2058-1 glibc, eglibc -- multiple
    2014-06-23
    oval:org.debian:def:2058
    V
    		multiple vulnerabilities
    2010-06-10
    BACK
    freebsd freebsd 6.0
    freebsd freebsd 6.0 release
    freebsd freebsd 6.0 stable
    freebsd freebsd 6.0_p5_release
    freebsd freebsd 7.0
    freebsd freebsd 7.0 pre-release
    freebsd freebsd 7.0_beta4
    freebsd freebsd 7.0_releng
    netbsd netbsd 4.0
    gnu glibc 2.2.5
    gnu glibc 2.2.1
    freebsd freebsd 6.0 -
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.4.11
    apple mac os x 10.5.1
    apple mac os x server 10.4.11
    apple mac os x server 10.5.1
    freebsd freebsd 7.0 -
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    netbsd netbsd 4.0
    gnu glibc 2.0
    gnu glibc 2.0.1
    gnu glibc 2.0.2
    gnu glibc 2.0.3
    gnu glibc 2.0.4
    gnu glibc 2.0.5
    gnu glibc 2.0.6
    gnu glibc 2.1
    gnu glibc 2.1.1
    gnu glibc 2.1.1.6
    gnu glibc 2.1.2
    gnu glibc 2.1.3
    gnu glibc 2.1.9
    gnu glibc 2.2
    gnu glibc 2.2.2
    gnu glibc 2.2.3
    gnu glibc 2.2.4
    gnu glibc 2.3
    gnu glibc 2.3.1
    gnu glibc 2.3.10
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    apple mac os x 10.5.4
    apple mac os x server 10.5.4
    gnu glibc 2.1.3.10
    apple mac os x 10.5.5
    apple mac os x server 10.5.5
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    suse linux enterprise server 9
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.0
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    debian debian linux 5.0
    mandriva linux 2009.1
    mandriva linux 2009.1
    mandriva enterprise server 5
    mandriva enterprise server 5
    mandriva linux 2010
    mandriva linux 2010