Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1185

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1185
Last Modified 21 Aug 2010 12:22:00
Published 21 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1185

Summary

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

Vulnerable Systems

Application

  • Gnu Enscript 1.3.0

  • Gnu Enscript 1.4.0

  • Gnu Enscript 1.5.0

  • Gnu Enscript 1.6.0

  • Gnu Enscript 1.6.1

  • Gnu Enscript 1.6.2

  • Gnu Enscript 1.6.3


References

CERT - TA09-133A

GENTOO - GLSA-200502-03

DEBIAN - DSA-654

XF - enscript-filename-command-execution(19029)

VUPEN - ADV-2009-1297

REDHAT - RHSA-2005:040

CONFIRM - http://support.apple.com/kb/HT3549

SECUNIA - 35074

APPLE - APPLE-SA-2009-05-12

UBUNTU - USN-68-1

BID - 12329

BUGTRAQ - 20060526 rPSA-2006-0083-1 enscript

FEDORA - FLSA:152892

MANDRAKE - MDKSA-2005:033

SECTRACK - 1012965

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update


Last Updated: 27 May 2016 10:38:56