CVE-2008-3908
Published: 4 September 2008
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.
Notes
Author | Note |
---|---|
jdstrand | per Debian-- 1:3.0-12 had a regression and the patch was slightly updated by 1:3.0-13 to fix this bug |
Priority
Status
Package | Release | Status |
---|---|---|
wordnet Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
feisty |
Released
(1:2.1-4ubuntu0.1)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1:3.0-6ubuntu0.1)
|
|
intrepid |
Released
(1:3.0-11ubuntu0.1)
|
|
jaunty |
Released
(1:3.0-11ubuntu0.1)
|
|
karmic |
Released
(1:3.0-11ubuntu0.1)
|
|
upstream |
Released
(1:3.0-13)
|