Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-3533 | First vendor Publication | 2008-08-18 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:17784 | |||
| Oval ID: | oval:org.mitre.oval:def:17784 | ||
| Title: | USN-638-1 -- yelp vulnerability | ||
| Description: | Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-638-1 CVE-2008-3533 | Version: | 7 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.04 | Product(s): | yelp |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for yelp MDVSA-2008:175 (yelp) File : nvt/gb_mandriva_MDVSA_2008_175.nasl |
| 2009-03-23 | Name : Ubuntu Update for yelp vulnerability USN-638-1 File : nvt/gb_ubuntu_USN_638_1.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-7293 File : nvt/gb_fedora_2008_7293_yelp_fc8.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200809-01 (yelp) File : nvt/glsa_200809_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 47513 | Yelp yelp-window.c gtk_message_dialog Crafted URI Format String |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_yelp-081024.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-175.nasl - Type : ACT_GATHER_INFO |
| 2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7293.nasl - Type : ACT_GATHER_INFO |
| 2008-09-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-01.nasl - Type : ACT_GATHER_INFO |
| 2008-08-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-638-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:13:41 |
|
| 2024-11-28 12:16:14 |
|
| 2024-11-20 00:20:54 |
|
| 2021-05-04 12:07:53 |
|
| 2021-04-22 01:08:14 |
|
| 2020-05-23 00:22:05 |
|
| 2017-08-08 09:24:18 |
|
| 2016-04-26 17:42:56 |
|
| 2014-02-17 10:45:59 |
|
| 2013-05-11 00:23:01 |
|
