Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for ed by gnu
FKIE_CVE-2017-5357
Vulnerability from fkie_nvd - Published: 2017-02-17 02:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 25 | |
| gnu | ed | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
"matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:ed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67BE59ED-6ADD-42C3-921B-A9C62B31D301",
"versionEndIncluding": "1.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free."
},
{
"lang": "es",
"value": "regex.c en GNU ed en versiones anteriores a 1.14.1 permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un comando mal formado, que desencadena una liberaci\u00f3n no v\u00e1lida."
}
],
"id": "CVE-2017-5357",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T02:59:14.267",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95422"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3916
Vulnerability from fkie_nvd - Published: 2008-09-04 18:41 - Updated: 2026-04-23 00:35
Severity ?
Summary
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:ed:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDC2AA-D846-4CC3-9A9A-58E9F97DB868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D20E634A-5BAA-4B62-AA57-4C1082AA23C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCE07A7-B6F9-44E5-BDBC-D49EB4856D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1825BAFA-D696-458D-A992-997AF5EAAA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AAED7141-9F2C-46CD-8F22-8D76271559D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EBF50-0410-40FE-9D1E-B82D77FE100D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DED055D1-3CC7-4A3A-84DE-4AC35D2BA16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7F591660-794F-4FE0-8D57-AC439D482EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00edculo en la Funci\u00f3n strip_escapes en signal.c en GNU ed 1.0, permite a atacantes asistidos por el usuario o dependientes de contexto, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de archivo largo. NOTA: puesto que ed no se ejecuta con privilegios especiales, esta cuesti\u00f3n solo afecta a los privilegios de la aplicaci\u00f3n ed cuando se encuentra a\u00f1adido en una aplicaci\u00f3n de terceros."
}
],
"evaluatorComment": "http://xforce.iss.net/xforce/xfdb/44643\r\n\r\n\"GNU ed is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the strip_escapes() function. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.\"",
"id": "CVE-2008-3916",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-04T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32349"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32460"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33005"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30815"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020734"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6939
Vulnerability from fkie_nvd - Published: 2007-01-17 00:28 - Updated: 2026-04-23 00:35
Severity ?
Summary
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:ed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081BF0E7-B118-433F-A86D-EC66409A1C96",
"versionEndIncluding": "0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
},
{
"lang": "es",
"value": "GNU ed anterior a 0.3 permite a usuarios locales sobrescribir archivos de su elecci\u00f3n mediante un ataque de enlace simb\u00f3lico en ficheros temporales, posiblemente en la funci\u00f3n open_sbuf."
}
],
"id": "CVE-2006-6939",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-17T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/cms/node/2449"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/cms/node/2450"
},
{
"source": "cve@mitre.org",
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23832"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23848"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23857"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24054"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22129"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-962"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.\n",
"lastModified": "2007-01-18T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2000-1137
Vulnerability from fkie_nvd - Published: 2001-01-09 05:00 - Updated: 2026-04-16 00:27
Severity ?
Summary
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:ed:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B99B8A89-1278-40CF-9ED9-2D46E7E288D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:2.16tr:*:*:*:*:*:*:*",
"matchCriteriaId": "103C2F3C-3E99-4E3A-A4A9-612C693DCBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2D340B1E-B564-458C-AE06-F5BE1937A4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:ed:2.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADD11EF-0274-4AAF-A346-FBC91156BE82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
],
"id": "CVE-2000-1137",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-01-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2000/20001129"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6491"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2000/20001129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-5357 (GCVE-0-2017-5357)
Vulnerability from cvelistv5 – Published: 2017-02-16 18:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2017-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170112 invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"name": "[Bug-ed] 20170108 invalid free on malformed commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"name": "FEDORA-2017-f87674ad41",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"name": "95422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95422"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-16T19:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20170112 invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"name": "[Bug-ed] 20170108 invalid free on malformed commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"name": "FEDORA-2017-f87674ad41",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"name": "95422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95422"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-5357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170112 invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"name": "[Bug-ed] 20170108 invalid free on malformed commands",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"name": "FEDORA-2017-f87674ad41",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"name": "95422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95422"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-5357",
"datePublished": "2017-02-16T18:00:00.000Z",
"dateReserved": "2017-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3916 (GCVE-0-2008-3916)
Vulnerability from cvelistv5 – Published: 2008-09-04 18:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2008-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2008-3347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"name": "oval:org.mitre.oval:def:10678",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"name": "RHSA-2008:0946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "30815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30815"
},
{
"name": "FEDORA-2008-9263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"name": "gnued-stripescapes-bo(44643)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"name": "ADV-2008-2642",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"name": "FEDORA-2008-9236",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"name": "[bug-ed] 20080821 Version 1.0 of GNU ed released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"name": "MDVSA-2008:200",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"name": "33005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33005"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1020734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020734"
},
{
"name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"name": "32349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32349"
},
{
"name": "GLSA-200809-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"name": "32460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32460"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2008-3347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"name": "oval:org.mitre.oval:def:10678",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"name": "RHSA-2008:0946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "30815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30815"
},
{
"name": "FEDORA-2008-9263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"name": "gnued-stripescapes-bo(44643)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"name": "ADV-2008-2642",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"name": "FEDORA-2008-9236",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"name": "[bug-ed] 20080821 Version 1.0 of GNU ed released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"name": "MDVSA-2008:200",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"name": "33005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33005"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1020734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020734"
},
{
"name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"name": "32349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32349"
},
{
"name": "GLSA-200809-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"name": "32460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32460"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2008-3347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"name": "oval:org.mitre.oval:def:10678",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"name": "RHSA-2008:0946",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "30815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30815"
},
{
"name": "FEDORA-2008-9263",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"name": "gnued-stripescapes-bo(44643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"name": "ADV-2008-2642",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"name": "FEDORA-2008-9236",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"name": "[bug-ed] 20080821 Version 1.0 of GNU ed released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"name": "MDVSA-2008:200",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"name": "33005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33005"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1020734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020734"
},
{
"name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"name": "32349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32349"
},
{
"name": "GLSA-200809-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"name": "32460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32460"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3916",
"datePublished": "2008-09-04T18:00:00.000Z",
"dateReserved": "2008-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:41.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6939 (GCVE-0-2006-6939)
Vulnerability from cvelistv5 – Published: 2007-01-17 00:00 – Updated: 2024-08-07 20:42
VLAI?
Summary
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2006-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gnued-opensbuf-symlink(30374)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name": "MDKSA-2007:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name": "2007-0005",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name": "23832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23832"
},
{
"name": "23857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23857"
},
{
"name": "FEDORA-2007-099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name": "23848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23848"
},
{
"name": "22129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name": "FEDORA-2007-100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name": "24054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24054"
},
{
"name": "ADV-2006-4573",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gnued-opensbuf-symlink(30374)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name": "MDKSA-2007:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name": "2007-0005",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name": "23832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23832"
},
{
"name": "23857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23857"
},
{
"name": "FEDORA-2007-099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name": "23848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23848"
},
{
"name": "22129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name": "FEDORA-2007-100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name": "24054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24054"
},
{
"name": "ADV-2006-4573",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnued-opensbuf-symlink(30374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name": "MDKSA-2007:023",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name": "2007-0005",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name": "23832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23832"
},
{
"name": "23857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23857"
},
{
"name": "FEDORA-2007-099",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name": "23848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23848"
},
{
"name": "22129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name": "FEDORA-2007-100",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name": "24054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24054"
},
{
"name": "ADV-2006-4573",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"name": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"name": "https://issues.rpath.com/browse/RPL-962",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6939",
"datePublished": "2007-01-17T00:00:00.000Z",
"dateReserved": "2007-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1137 (GCVE-0-2000-1137)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:45
VLAI?
Summary
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2000-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:359-2",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:359-2",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:359-2",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1137",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:45:37.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5357 (GCVE-0-2017-5357)
Vulnerability from nvd – Published: 2017-02-16 18:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2017-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170112 invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"name": "[Bug-ed] 20170108 invalid free on malformed commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"name": "FEDORA-2017-f87674ad41",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"name": "95422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95422"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-16T19:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20170112 invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"name": "[Bug-ed] 20170108 invalid free on malformed commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"name": "FEDORA-2017-f87674ad41",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"name": "95422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95422"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-5357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170112 invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/5"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/6"
},
{
"name": "[Bug-ed] 20170108 invalid free on malformed commands",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html"
},
{
"name": "FEDORA-2017-f87674ad41",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/"
},
{
"name": "95422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95422"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/12/7"
},
{
"name": "[oss-security] 20170112 Re: invalid free in GNU ed before 1.14.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/13/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-5357",
"datePublished": "2017-02-16T18:00:00.000Z",
"dateReserved": "2017-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3916 (GCVE-0-2008-3916)
Vulnerability from nvd – Published: 2008-09-04 18:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2008-3347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"name": "oval:org.mitre.oval:def:10678",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"name": "RHSA-2008:0946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "30815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30815"
},
{
"name": "FEDORA-2008-9263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"name": "gnued-stripescapes-bo(44643)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"name": "ADV-2008-2642",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"name": "FEDORA-2008-9236",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"name": "[bug-ed] 20080821 Version 1.0 of GNU ed released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"name": "MDVSA-2008:200",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"name": "33005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33005"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1020734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020734"
},
{
"name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"name": "32349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32349"
},
{
"name": "GLSA-200809-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"name": "32460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32460"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2008-3347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"name": "oval:org.mitre.oval:def:10678",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"name": "RHSA-2008:0946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "30815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30815"
},
{
"name": "FEDORA-2008-9263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"name": "gnued-stripescapes-bo(44643)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"name": "ADV-2008-2642",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"name": "FEDORA-2008-9236",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"name": "[bug-ed] 20080821 Version 1.0 of GNU ed released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"name": "MDVSA-2008:200",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"name": "33005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33005"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1020734",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020734"
},
{
"name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"name": "32349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32349"
},
{
"name": "GLSA-200809-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"name": "32460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32460"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2008-3347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3347"
},
{
"name": "oval:org.mitre.oval:def:10678",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10678"
},
{
"name": "RHSA-2008:0946",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0946.html"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "30815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30815"
},
{
"name": "FEDORA-2008-9263",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00873.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-461.htm"
},
{
"name": "gnued-stripescapes-bo(44643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44643"
},
{
"name": "ADV-2008-2642",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2642"
},
{
"name": "FEDORA-2008-9236",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00847.html"
},
{
"name": "[bug-ed] 20080821 Version 1.0 of GNU ed released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html"
},
{
"name": "MDVSA-2008:200",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:200"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0003.html"
},
{
"name": "33005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33005"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1020734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020734"
},
{
"name": "20090227 VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501298/100/0/threaded"
},
{
"name": "32349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32349"
},
{
"name": "GLSA-200809-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-15.xml"
},
{
"name": "32460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32460"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3916",
"datePublished": "2008-09-04T18:00:00.000Z",
"dateReserved": "2008-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:41.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6939 (GCVE-0-2006-6939)
Vulnerability from nvd – Published: 2007-01-17 00:00 – Updated: 2024-08-07 20:42
VLAI?
Summary
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2006-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gnued-opensbuf-symlink(30374)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name": "MDKSA-2007:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name": "2007-0005",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name": "23832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23832"
},
{
"name": "23857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23857"
},
{
"name": "FEDORA-2007-099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name": "23848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23848"
},
{
"name": "22129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name": "FEDORA-2007-100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name": "24054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24054"
},
{
"name": "ADV-2006-4573",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gnued-opensbuf-symlink(30374)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name": "MDKSA-2007:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name": "2007-0005",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name": "23832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23832"
},
{
"name": "23857",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23857"
},
{
"name": "FEDORA-2007-099",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name": "23848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23848"
},
{
"name": "22129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name": "FEDORA-2007-100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name": "24054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24054"
},
{
"name": "ADV-2006-4573",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnued-opensbuf-symlink(30374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374"
},
{
"name": "MDKSA-2007:023",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023"
},
{
"name": "2007-0005",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0005"
},
{
"name": "23832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23832"
},
{
"name": "23857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23857"
},
{
"name": "FEDORA-2007-099",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2449"
},
{
"name": "23848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23848"
},
{
"name": "22129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22129"
},
{
"name": "FEDORA-2007-100",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2450"
},
{
"name": "24054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24054"
},
{
"name": "ADV-2006-4573",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4573"
},
{
"name": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/ed/?branch_id=17855\u0026release_id=240890"
},
{
"name": "https://issues.rpath.com/browse/RPL-962",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6939",
"datePublished": "2007-01-17T00:00:00.000Z",
"dateReserved": "2007-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:42:07.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1137 (GCVE-0-2000-1137)
Vulnerability from nvd – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:45
VLAI?
Summary
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2000-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2000:359-2",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2000:359-2",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2000:359-2",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000359"
},
{
"name": "gnu-ed-symlink(5723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5723"
},
{
"name": "6491",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6491"
},
{
"name": "MDKSA-2000:076",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3"
},
{
"name": "RHSA-2000:123",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-123.html"
},
{
"name": "20001129 DSA-001-1 ed: symlink attack",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1137",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:45:37.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}