cpe:/o:freebsd:freebsd:6.0 cpe:/o:freebsd:freebsd:6.0:release cpe:/o:freebsd:freebsd:6.0:stable cpe:/o:freebsd:freebsd:6.0_p5_release cpe:/o:freebsd:freebsd:7.0 cpe:/o:freebsd:freebsd:7.0:pre-release cpe:/o:freebsd:freebsd:7.0_beta4 cpe:/o:freebsd:freebsd:7.0_releng cpe:/o:netbsd:netbsd:4.0 CVE-2008-1391 2008-03-27T13:44:00.000-04:00 2017-08-07T21:30:08.027-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-28T18:03:00.000-04:00 ALLOWS_OTHER_ACCESS SECTRACK 1019722 SREASONRES 20080325 *BSD libc (strfmon) Multiple vulnerabilities BUGTRAQ 20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities BID 28479 SECUNIA 29574 SECUNIA 33179 SREASON 3770 VUPEN ADV-2008-3444 APPLE APPLE-SA-2008-12-15 DEBIAN DSA-2058 SUSE SUSE-SA:2010:052 CERT TA08-350A XF bsd-strfmon-overflow(41504) CONFIRM http://support.apple.com/kb/HT3338 Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.