|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
m4: code execution
Synthesis of the vulnerability
Two vulnerabilities of m4 can be used by an attacker to execute macros or code.
Vulnerable systems: Slackware, Unix (platform) ~ not comprehensive.
Severity of this threat: 1/4.
Consequences of an attack: user access/rights.
Pirate's origin: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/04/2008.
Références of this weakness: BID-28688, CVE-2008-1687, CVE-2008-1688, SSA:2008-098-01, VIGILANCE-VUL-7736.
Description of the vulnerability
The m4 program interprets text files in order to generate a result. This interpreter has two vulnerabilities.
The maketemp and mkstemp macros generate random filenames. It is possible, but unlikely, that the generated name is the name of a macro. When these names are used, they thus have to be handled as a string between quote characters. However, this is not the case, thus the associated macro can be executed. [severity:1/4; CVE-2008-1687]
The "-F" option introduced in version 1.4 can be used to save the internal state in a ".m4f" file. When it is used with file names containing format characters, a format attack can occur and lead to code execution. [severity:1/4; CVE-2008-1688]
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a networks vulnerabilities note. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.