Published: 21/01/2005 Updated: 19/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu enscript 1.5
gnu enscript 1.6.3
gnu enscript 1.6.4
gnu enscript 1.6.1
gnu enscript 1.6.2
gnu enscript 1.6
gnu enscript 1.4
sgi propack 3.0
suse suse linux 3.0
suse suse linux 4.0
suse suse linux 4.2
suse suse linux 5.3
suse suse linux 6.0
suse suse linux 6.4
suse suse linux 7.1
suse suse linux 7.3
suse suse linux 9.0
suse suse linux 9.1
suse suse linux 1.0
suse suse linux 2.0
suse suse linux 5.1
suse suse linux 5.2
suse suse linux 6.3
suse suse linux 7.0
suse suse linux 7.2
suse suse linux 8.2
redhat fedora core core_2.0
redhat fedora core core_3.0
suse suse linux 4.4.1
suse suse linux 5.0
suse suse linux 6.2
suse suse linux 8.0
suse suse linux 8.1
suse suse linux 9.2
suse suse linux 4.3
suse suse linux 4.4
suse suse linux 6.1

Erik Sj�lund discovered several vulnerabilities in enscript which could cause arbitrary code execution with the privileges of the user calling enscript ...

Synopsis enscript security update Type/Severity Security Advisory: Low Topic An updated enscript package that fixes several security issues is nowavailable Description GNU enscript converts ASCII files to PostScriptEnscript has the ability to interpret special escape sequences A flaw was ...

Synopsis enscript security update Type/Severity Security Advisory: Low Topic An updated enscript package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 4This update has been rated as having low security impact by the Red HatSecurity Response Team Description ...

Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2004-1184 Unsanitised input can cause the execution of arbitrary commands via EPSF pipe support This ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-654 http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml http://www.redhat.com/support/errata/RHSA-2005-040.html http://securitytracker.com/id?1012965 http://www.securityfocus.com/bid/12329 http://www.mandriva.com/security/advisories?name=MDKSA-2005:033 http://secunia.com/advisories/35074 http://www.vupen.com/english/advisories/2009/1297 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://support.apple.com/kb/HT3549 https://exchange.xforce.ibmcloud.com/vulnerabilities/19012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658 https://usn.ubuntu.com/68-1/http://www.securityfocus.com/archive/1/435199/100/0/threaded http://www.securityfocus.com/archive/1/419768/100/0/threaded https://usn.ubuntu.com/68-1/https://nvd.nist.gov

CVE-2004-1184

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect