Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3916 to the following vulnerability:

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

References:
http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html
http://marc.info/?l=oss-security&m=122018171619930&w=4
http://www.openwall.com/lists/oss-security/2008/08/31/1
http://www.openwall.com/lists/oss-security/2008/09/01/2
http://www.openwall.com/lists/oss-security/2008/09/01/3
http://www.openwall.com/lists/oss-security/2008/09/04/21
http://www.openwall.com/lists/oss-security/2008/09/04/22
http://www.openwall.com/lists/oss-security/2008/09/04/24
This issue affects all versions of the ed package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5, and all versions of the ed packages, as shipped within Fedora releases 8, 9 and 10.
Created attachment 319740
Proposed patch to resolve the ed heap overflow issue.

Proposed patch (it was generated by comparing changes in signal.c between the 0.9 and 1.0 versions of ed). Please ensure that no additional changes (i.e. changes in the "resize_buffer" function) are needed to resolve this issue.
https://www.redhat.com/security/data/cve/CVE-2008-3916.html