Published: 05/04/2014 Updated: 01/05/2014

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The tempname_ensure function in lib/routines.h in a2ps 4.14 and previous versions, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu a2ps 4.10.4
gnu a2ps
gnu a2ps 4.13b
gnu a2ps 4.13
gnu a2ps 4.10.3
gnu a2ps 4.12

Debian Bug report logs - #737385 a2ps: CVE-2001-1593: insecure use of /tmp Package: a2ps; Maintainer for a2ps is Debian QA Group <packages@qadebianorg>; Source for a2ps is src:a2ps (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Sun, 2 Feb 2014 10:45:06 UTC Severity: important Tags: securit ...

Debian Bug report logs - #742902 a2ps: CVE-2014-0466: does not invoke gs with -dSAFER Package: a2ps; Maintainer for a2ps is Debian QA Group <packages@qadebianorg>; Source for a2ps is src:a2ps (PTS, buildd, popcon) Reported by: "brian m carlson" <sandals@crustytoothpastenet> Date: Fri, 28 Mar 2014 20:06:02 UTC Se ...

Several vulnerabilities have been found in a2ps, an Anything to PostScript converter and pretty-printer The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2001-1593 The spy_user function which is called when a2ps is invoked with the --debug flag insecurely used temporary files CVE-2014-0466 Brian ...

CWE-59 https://bugzilla.redhat.com/show_bug.cgi?id=1060630 http://seclists.org/oss-sec/2014/q1/253 http://www.debian.org/security/2014/dsa-2892 http://seclists.org/oss-sec/2014/q1/237 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385 http://seclists.org/oss-sec/2014/q1/257 http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385 https://www.debian.org/security/./dsa-2892

CVE-2001-1593

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect