CVE-2008-1391

Publication date 27 March 2008

Last updated 24 July 2024

Ubuntu priority

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 2.10.1-0ubuntu17
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
glibc	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Fixed 2.9-4ubuntu6.2
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 2.7-10ubuntu6
	6.06 LTS dapper	Fixed 2.3.6-0ubuntu20.6

Notes

kees

originally limited to NetBSD php -r 'money_format("%1073741821i",1);' php -r 'money_format("%#1073741821i",1);' php -r 'money_format("%.1073741821i",1);'

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
eglibc	Proposed: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c.diff?r1=1.6&r2=1.7 Upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
glibc	Proposed: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c.diff?r1=1.6&r2=1.7 Upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d

References

Related Ubuntu Security Notices (USN)