CVE-2008-3229

op < Changeset 563 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43836
Exploit x_refsource_confirm
http://swapoff.org/changeset/563
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31103
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30226
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/12/4

Scores

EPSS 0.0043
EPSS Percentile 35.0%

Details

CWE
CWE-119
Status published
Products (15)
swapoff/op 1.1.10
swapoff/op 1.1.19
swapoff/op 1.20
swapoff/op 1.21
swapoff/op 1.22
swapoff/op 1.23
swapoff/op 1.24
swapoff/op 1.25
swapoff/op 1.26
swapoff/op 1.27
... and 5 more
Published Jul 18, 2008
Tracked Since Feb 18, 2026