CVE-2008-3908
Published: 4 September 2008
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian-- 1:3.0-12 had a regression and the patch was slightly updated by 1:3.0-13 to fix this bug |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
wordnet Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| feisty |
Released
(1:2.1-4ubuntu0.1)
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Released
(1:3.0-6ubuntu0.1)
|
|
| intrepid |
Released
(1:3.0-11ubuntu0.1)
|
|
| jaunty |
Released
(1:3.0-11ubuntu0.1)
|
|
| karmic |
Released
(1:3.0-11ubuntu0.1)
|
|
| upstream |
Released
(1:3.0-13)
|