Executive Summary

Information
Name: CVE-2008-7224
First vendor Publication: 2009-09-14
Vendor: Cve
Last vendor Modification: 2017-09-29

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.8
Cvss Impact Score: 6.9
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7224

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10126
 
Oval ID: oval:org.mitre.oval:def:10126
Title: Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
Description: Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
Family: unix Class: vulnerability
Reference(s): CVE-2008-7224
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13402
 
Oval ID: oval:org.mitre.oval:def:13402
Title: USN-851-1 -- elinks vulnerabilities
Description: Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. Jakub Wilk discovered a logic error in Elinks, leading to a buffer overflow. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-851-1
CVE-2006-5925
CVE-2008-7224
Version: 5
Platform(s): Ubuntu 6.06
Product(s): elinks
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13608
 
Oval ID: oval:org.mitre.oval:def:13608
Title: DSA-1902-1 elinks -- buffer overflow
Description: Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page. For the old stable distribution, this problem has been fixed in version 0.11.1-1.2etch2. The stable distribution and the unstable distribution already contain a patch for this problem. We recommend that you upgrade your elinks package.
Family: unix Class: patch
Reference(s): DSA-1902-1
CVE-2008-7224
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): elinks
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22914
 
Oval ID: oval:org.mitre.oval:def:22914
Title: ELSA-2009:1471: elinks security update (Important)
Description: Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
Family: unix Class: patch
Reference(s): ELSA-2009:1471-01
CVE-2007-2027
CVE-2008-7224
Version: 13
Platform(s): Oracle Linux 5
Product(s): elinks
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28926
 
Oval ID: oval:org.mitre.oval:def:28926
Title: RHSA-2009:1471 -- elinks security update (Important)
Description: An updated elinks package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker could use this flaw to create a specially-crafted HTML file that would cause ELinks to crash or, possibly, execute arbitrary code when rendered. (CVE-2008-7224)
Family: unix Class: patch
Reference(s): RHSA-2009:1471
CESA-2009:1471-CentOS 5
CVE-2007-2027
CVE-2008-7224
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): elinks
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7928
 
Oval ID: oval:org.mitre.oval:def:7928
Title: DSA-1902 elinks -- buffer overflow
Description: Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page.
Family: unix Class: patch
Reference(s): DSA-1902
CVE-2008-7224
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): elinks
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 6

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for elinks CESA-2009:1471 centos4 i386
File : nvt/gb_CESA-2009_1471_elinks_centos4_i386.nasl
2011-08-09 Name : CentOS Update for elinks CESA-2009:1471 centos5 i386
File : nvt/gb_CESA-2009_1471_elinks_centos5_i386.nasl
2009-10-27 Name : FreeBSD Ports: elinks
File : nvt/freebsd_elinks.nasl
2009-10-27 Name : Ubuntu USN-851-1 (elinks)
File : nvt/ubuntu_851_1.nasl
2009-10-13 Name : Debian Security Advisory DSA 1902-1 (elinks)
File : nvt/deb_1902_1.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1471 (elinks)
File : nvt/ovcesa2009_1471.nasl
2009-10-06 Name : RedHat Security Advisory RHSA-2009:1471
File : nvt/RHSA_2009_1471.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
41949 ELinks entity_cache Function Overflow

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2009-0030.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1471.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20091001_elinks_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1902.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1471.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_2544f543c17811deb175001cc0377035.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-851-1.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1471.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347
MLIST http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html
OSVDB http://osvdb.org/41949
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Alert History

Date Information
2021-05-04 12:08:55
  • Multiple Updates
2021-04-22 01:09:14
  • Multiple Updates
2020-05-23 00:23:07
  • Multiple Updates
2017-09-29 09:24:00
  • Multiple Updates
2016-06-28 17:32:25
  • Multiple Updates
2016-04-26 18:31:22
  • Multiple Updates
2014-11-27 13:27:24
  • Multiple Updates
2014-02-17 10:48:05
  • Multiple Updates
2013-05-11 00:38:45
  • Multiple Updates