CVE 2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/
Related bugs and status
CVE-2008-1391 (Candidate) is related to these bugs:
Bug #392501: readdir_r smashes stack on long dir entry
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | GLibC | Medium | Fix Released | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu) | Medium | Fix Released | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Hardy) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Hardy) | Medium | Fix Released | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Lucid) | Medium | Fix Released | ||
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Lucid) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Karmic) | Medium | Fix Released | ||
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Karmic) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Intrepid) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Intrepid) | Medium | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Dapper) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Dapper) | Medium | Fix Released | ||
| 392501 | readdir_r smashes stack on long dir entry | eglibc (Ubuntu Jaunty) | Undecided | Invalid | ||
| 392501 | readdir_r smashes stack on long dir entry | glibc (Ubuntu Jaunty) | Medium | Fix Released | ||
Bug #542197: Memory corruption in ld.so
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 542197 | Memory corruption in ld.so | glibc (Ubuntu) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | glibc (Ubuntu Intrepid) | Low | Won't Fix | ||
| 542197 | Memory corruption in ld.so | glibc (Ubuntu Hardy) | Low | Fix Released | ||
| 542197 | Memory corruption in ld.so | glibc (Ubuntu Karmic) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | glibc (Ubuntu Dapper) | Low | Fix Released | ||
| 542197 | Memory corruption in ld.so | glibc (Ubuntu Lucid) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | glibc (Ubuntu Jaunty) | Low | Fix Released | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu) | Low | Fix Released | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu Dapper) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu Hardy) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu Intrepid) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu Jaunty) | Undecided | Invalid | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu Karmic) | Low | Fix Released | ||
| 542197 | Memory corruption in ld.so | eglibc (Ubuntu Lucid) | Low | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
