Published: 10/01/2005 Updated: 19/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

a2ps 4.13 allows remote malicious users to execute arbitrary commands via shell metacharacters in the filename.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu a2ps 4.13b
sun java desktop system 2003
sun java desktop system 2.0
gnu a2ps 4.13
suse suse linux 9.0
suse suse linux 8.2
suse suse linux 8
suse suse linux 9.1
suse suse linux 8.1

source: wwwsecurityfocuscom/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability This issue is due to the application's failure to properly sanitize filenames An attacker might leverage this issue to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerab ...

NVD-CWE-Other http://www.securityfocus.com/bid/11025 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html http://bugs.debian.org/283134 http://secunia.com/advisories/12375 http://www.securiteam.com/unixfocus/5MP0N2KDPA.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause=http://www.mandriva.com/security/advisories?name=MDKSA-2004:140 http://marc.info/?l=bugtraq&m=110598355226660&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17127 http://www.securityfocus.com/archive/1/419765/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/24406/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1170

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect