Vulnerabilities > CVE-2008-4306 - Unspecified vulnerability in Ubuntu Linux

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ubuntu
nessus

Summary

Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.

Vulnerable Configurations

Part Description Count
OS
Ubuntu
4

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1016.NASL
    descriptionAn updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id35178
    published2008-12-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35178
    titleRHEL 5 : enscript (RHSA-2008:1016)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:1016. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35178);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-3863", "CVE-2008-4306");
      script_bugtraq_id(31858);
      script_xref(name:"RHSA", value:"2008:1016");
    
      script_name(english:"RHEL 5 : enscript (RHSA-2008:1016)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated enscript packages that fixes several security issues is now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    GNU enscript converts ASCII files to PostScript(R) language files and
    spools the generated output to a specified printer or saves it to a
    file. Enscript can be extended to handle different output media and
    includes options for customizing printouts.
    
    Two buffer overflow flaws were found in GNU enscript. An attacker
    could craft an ASCII file in such a way that it could execute
    arbitrary commands if the file was opened with enscript with the
    'special escapes' option (-e or --escapes) enabled. (CVE-2008-3863,
    CVE-2008-4306)
    
    All users of enscript should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:1016"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected enscript package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:enscript");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:1016";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"enscript-1.6.4-4.1.1.el5_2")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"enscript-1.6.4-4.1.1.el5_2")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"enscript-1.6.4-4.1.1.el5_2")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "enscript");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9351.NASL
    descriptionThere were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34702
    published2008-11-06
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34702
    titleFedora 8 : enscript-1.6.4-9.fc8 (2008-9351)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-243.NASL
    descriptionTwo buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled (CVE-2008-3863, CVE-2008-4306). The updated packages have been patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36321
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36321
    titleMandriva Linux Security Advisory : enscript (MDVSA-2008:243)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-660-1.NASL
    descriptionUlf Harnhammar discovered multiple stack overflows in enscript
    last seen2020-06-01
    modified2020-06-02
    plugin id38023
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38023
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : enscript vulnerability (USN-660-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081215_ENSCRIPT_ON_SL3_X.NASL
    descriptionSeveral buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id60504
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60504
    titleScientific Linux Security Update : enscript on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A1126054B57C11DD88920017319806E7.NASL
    descriptionUlf Harnhammar of Secunia Research reports : Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
    last seen2020-06-01
    modified2020-06-02
    plugin id34817
    published2008-11-19
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34817
    titleFreeBSD : enscript -- arbitrary code execution vulnerability (a1126054-b57c-11dd-8892-0017319806e7)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-1016.NASL
    descriptionAn updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id43718
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43718
    titleCentOS 5 : enscript (CESA-2008:1016)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9372.NASL
    descriptionThere were found various buffer overflows in enscript. This update fixes CVE-2008-3863 and CVE-2008-4306 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34705
    published2008-11-06
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34705
    titleFedora 9 : enscript-1.6.4-10.fc9 (2008-9372)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1670.NASL
    descriptionSeveral vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3863 Ulf Harnhammer discovered that a buffer overflow may lead to the execution of arbitrary code. - CVE-2008-4306 Kees Cook and Tomas Hoger discovered that several buffer overflows may lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id34949
    published2008-11-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34949
    titleDebian DSA-1670-1 : enscript - buffer overflows
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-1016.NASL
    descriptionFrom Red Hat Security Advisory 2008:1016 : An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id67771
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67771
    titleOracle Linux 5 : enscript (ELSA-2008-1016)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1021.NASL
    descriptionAn updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Several buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id35180
    published2008-12-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35180
    titleRHEL 2.1 / 3 / 4 : enscript (RHSA-2008:1021)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-1021.NASL
    descriptionAn updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Several buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id35172
    published2008-12-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35172
    titleCentOS 3 / 4 : enscript (CESA-2008:1021)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-1021.NASL
    descriptionFrom Red Hat Security Advisory 2008:1021 : An updated enscript packages that fixes several security issues is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript(R) language files and spools the generated output to a specified printer or saves it to a file. Enscript can be extended to handle different output media and includes options for customizing printouts. Several buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the
    last seen2020-06-01
    modified2020-06-02
    plugin id67773
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67773
    titleOracle Linux 3 / 4 : enscript (ELSA-2008-1021)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200812-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200812-02 (enscript: User-assisted execution of arbitrary code) Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id35019
    published2008-12-03
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35019
    titleGLSA-200812-02 : enscript: User-assisted execution of arbitrary code

Oval

accepted2013-04-29T04:08:02.346-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionBuffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
familyunix
idoval:org.mitre.oval:def:10718
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleBuffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
version27

Redhat

advisories
  • bugzilla
    id469311
    title special escape buffer overflows
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentenscript is earlier than 0:1.6.4-4.1.1.el5_2
        ovaloval:com.redhat.rhsa:tst:20081016001
      • commentenscript is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20081016002
    rhsa
    idRHSA-2008:1016
    released2008-12-15
    severityModerate
    titleRHSA-2008:1016: enscript security update (Moderate)
  • rhsa
    idRHSA-2008:1021
rpms
  • enscript-0:1.6.4-4.1.1.el5_2
  • enscript-debuginfo-0:1.6.4-4.1.1.el5_2
  • enscript-0:1.6.1-16.7
  • enscript-0:1.6.1-24.7
  • enscript-0:1.6.1-33.el4_7.1
  • enscript-debuginfo-0:1.6.1-24.7
  • enscript-debuginfo-0:1.6.1-33.el4_7.1