CVE-2008-5660

Опубликовано: 17 дек. 2008

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

Ссылки

http://secunia.com/advisories/33041
Vendor Advisory
http://secunia.com/advisories/33046
Vendor Advisory
http://secunia.com/advisories/33082
Vendor Advisory
http://www.coresecurity.com/content/vinagre-format-string
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2008:240
Vendor Advisory
http://www.securityfocus.com/archive/1/499057/100/0/threaded
http://www.ubuntu.com/usn/usn-689-1
Vendor Advisory
http://www.vupen.com/english/advisories/2008/3362
https://bugzilla.redhat.com/show_bug.cgi?id=475070
https://www.exploit-db.com/exploits/7401
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html
http://secunia.com/advisories/33041
Vendor Advisory
http://secunia.com/advisories/33046
Vendor Advisory
http://secunia.com/advisories/33082
Vendor Advisory
http://www.coresecurity.com/content/vinagre-format-string
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2008:240
Vendor Advisory
http://www.securityfocus.com/archive/1/499057/100/0/threaded
http://www.ubuntu.com/usn/usn-689-1
Vendor Advisory
http://www.vupen.com/english/advisories/2008/3362

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnome:vinagre:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.90:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.91:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.23.92:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.24.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:vinagre:2.24.1:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01374

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-134

Связанные уязвимости

CVE-2008-5660

ubuntu

около 17 лет назад

CVE-2008-5660

debian

около 17 лет назад

Format string vulnerability in the vinagre_utils_show_error function ( ...

GHSA-qq3g-2vhj-h4wr

github

больше 3 лет назад

BDU:2015-09371

fstec

почти 17 лет назад

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 80%

0.01374

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-134