Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1170

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1170
Last Modified 10 Sep 2008 03:29:26
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1170

Summary

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

Vulnerable Systems

Operating System

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

Application

  • Gnu A2ps 4.13

  • Gnu A2ps 4.13b

  • Sun Java Desktop System 2.0

  • Sun Java Desktop System 2003


References

BID - 11025

FULLDISC - 20040824 a2ps executing shell commands from file name

XF - gnu-a2ps-gain-privileges(17127)

MISC - http://www.securiteam.com/unixfocus/5MP0N2KDPA.html

SUSE - SUSE-SA:2004:034

SECUNIA - 12375

CONFIRM - http://bugs.debian.org/283134

FEDORA - FLSA:152870

MANDRAKE - MDKSA-2004:140

SUNALERT - 57649

OPENPKG - OpenPKG-SA-2005.003


Last Updated: 27 May 2016 10:38:55