This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gnu | First view | 2008-04-09 |
| Product | m4 | Last view | 2008-04-09 |
| Version | 1.4.10 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gnu:m4 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2008-04-09 | CVE-2008-1688 | Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. |
| 7.5 | 2008-04-09 | CVE-2008-1687 | The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 44692 | GNU m4 -F Parameter Filename Handling Unspecified Code Execution |
| 44273 | GNU M4 maketemp / mkstemp Macros Output String Arbitrary File Processing |
OpenVAS Exploits
| id | Description |
|---|---|
| 0000-00-00 | Name : Slackware Advisory SSA:2008-098-01 m4 File : nvt/esoft_slk_ssa_2008_098_01.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2008-04-11 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2008-098-01.nasl - Type: ACT_GATHER_INFO |
