Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1377

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-1377
Last Modified 05 Sep 2008 04:41:11
Published 27 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1377

Summary

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Systems

Operating System

  • Turbolinux Home

  • Turbolinux Server 7.0

  • Turbolinux Server 8.0

  • Turbolinux Workstation 7.0

  • Turbolinux Workstation 8.0

Application

  • Gnu A2ps 4.13

  • Gnu A2ps 4.13b


References

BID - 12109

BID - 12108

GENTOO - GLSA-200501-02

XF - gnu-a2ps-psmanupin-symlink(18672)

XF - gnu-a2ps-fixpsin-symlink(18671)

CONFIRM - http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html

SECUNIA - 13641


Last Updated: 27 May 2016 10:39:01