LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

ed: heap-based buffer overflow

Package(s):ed CVE #(s):CVE-2008-3916
Created:September 23, 2008 Updated:January 25, 2011
Description: From the Mandriva advisory: A heap-based buffer overflow was found in GNU ed that allowed context-dependent or user-assisted attackers to execute arbitrary code via a long filename
Alerts:
openSUSE openSUSE-SU-2011:0017-1 2011-01-10
SUSE SUSE-SR:2011:002 2011-01-25
openSUSE openSUSE-SU-2010:1084-1 2010-12-21
Fedora FEDORA-2008-9263 2008-10-30
Fedora FEDORA-2008-9236 2008-10-30
CentOS CESA-2008:0946 2008-10-21
Red Hat RHSA-2008:0946-01 2008-10-21
Gentoo 200809-15 2008-09-23
Mandriva MDVSA-2008:200 2007-09-22
(Log in to post comments)

ed: heap-based buffer overflow

Posted Sep 25, 2008 2:21 UTC (Thu) by tetromino (subscriber, #33846) [Link]

> context-dependent or user-assisted attackers

Are you saying ed actually has users?

ed: heap-based buffer overflow

Posted Sep 25, 2008 12:39 UTC (Thu) by eru (subscriber, #2753) [Link]

Are you saying ed actually has users?

I think I have seen scripts using it, although not very recently. Note also there still exists a "diff -e" option that generates an ed script.

Besides, how else can you edit if you need to use a paper terminal...

ed: heap-based buffer overflow

Posted Sep 25, 2008 15:25 UTC (Thu) by zmower (subscriber, #3005) [Link]

Ed must have users beacuse it's the standard editor after all :

http://www.gnu.org/fun/jokes/ed.msg.html

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds