CVE-2008-3533 - OpenCVE

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Gnome Yelp

Configuration 1 [-]

cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:gnome:gnome:2.20:::::::*
	cpe:2.3:a:gnome:gnome:2.22:::::::*

References

Link	Resource
http://bugzilla.gnome.org/attachment.cgi?id=115890	Exploit
http://bugzilla.gnome.org/show_bug.cgi?id=546364	Exploit Patch
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://secunia.com/advisories/31465	Vendor Advisory
http://secunia.com/advisories/31620
http://secunia.com/advisories/31834
http://secunia.com/advisories/32629
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
http://www.securityfocus.com/bid/30690
http://www.ubuntu.com/usn/usn-638-1
http://www.vupen.com/english/advisories/2008/2393
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2008-08-18T17:15:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-08-07T00:00:00

Link: CVE-2008-3533

JSON object: View

NVD Information

Status : Modified

Published: 2008-08-18T17:41:00.000

Modified: 2017-08-08T01:31:57.607

Link: CVE-2008-3533

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"}, {"name": "31465", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31465"}, {"name": "30690", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30690"}, {"name": "SUSE-SR:2008:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"name": "31620", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31620"}, {"name": "USN-638-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-638-1"}, {"name": "32629", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32629"}, {"name": "yelp-uri-format-string(44449)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"}, {"name": "31834", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31834"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"}, {"name": "ADV-2008-2393", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2393"}, {"name": "FEDORA-2008-7293", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"}, {"name": "MDVSA-2008:175", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2008-3533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugzilla.gnome.org/attachment.cgi?id=115890", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"}, {"name": "31465", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31465"}, {"name": "30690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30690"}, {"name": "SUSE-SR:2008:024", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"name": "31620", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31620"}, {"name": "USN-638-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-638-1"}, {"name": "32629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32629"}, {"name": "yelp-uri-format-string(44449)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"}, {"name": "31834", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31834"}, {"name": "http://bugzilla.gnome.org/show_bug.cgi?id=546364", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"}, {"name": "ADV-2008-2393", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2393"}, {"name": "FEDORA-2008-7293", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"}, {"name": "MDVSA-2008:175", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"}]}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2008-3533", "datePublished": "2008-08-18T17:15:00", "dateReserved": "2008-08-07T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0711AF7-6FCD-4311-8D62-E02900BED8B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "B99DE8F3-3B18-4A57-9E28-849A81884256", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:gnome:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "BCF0421C-DC15-4ED7-8F21-B92974D09E82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en la funci\u00f3n window_error de yelp-window.c en yelp de Gnome despu\u00e9s de 2.19.90 y antes de 2.24 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de formato de cadena en un URI no v\u00e1lido en l\u00ednea de comandos, como se demostr\u00f3 utilizando yelp en los controladores URI (1) man o (2) ghelp en Firefox, Evolution y otros programas no especificados."}], "id": "CVE-2008-3533", "lastModified": "2017-08-08T01:31:57.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-08-18T17:41:00.000", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit"], "url": "http://bugzilla.gnome.org/attachment.cgi?id=115890"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Patch"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=546364"}, {"source": "security@ubuntu.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31465"}, {"source": "security@ubuntu.com", "url": "http://secunia.com/advisories/31620"}, {"source": "security@ubuntu.com", "url": "http://secunia.com/advisories/31834"}, {"source": "security@ubuntu.com", "url": "http://secunia.com/advisories/32629"}, {"source": "security@ubuntu.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"}, {"source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/30690"}, {"source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/usn-638-1"}, {"source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2008/2393"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Patch"], "url": "https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"}, {"source": "security@ubuntu.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"}, {"source": "security@ubuntu.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"}], "sourceIdentifier": "security@ubuntu.com", "vendorComments": [{"comment": "This issue does not affect the versions of the yelp package, as shipped with Red Hat Enterprise Linux 3, 4 and 5.", "lastModified": "2008-08-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}