OSVDB ID: 9176

Title: GNU a2ps File Name Shell Command Execution

Dates

Disclosure: Aug 24, 2004
Discovery: Unknown
Exploit: Aug 24, 2004
Solution: Unknown

Description

GNU a2ps contains a flaw that may allow a malicious user to execute arbitrary files. The issue is triggered when a user runs a2ps with a wildcard in the file names from within a world-writable directory. The flaw may allow arbitrary code execution, resulting in a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, FreeBSD has released a patch to address this vulnerability within the FreeBSD operating system.

Products

GNU a2ps 4.13

References

Credit

  • Rudolf Polzer - divzerogmail.com -


Direct URL: http://osvdb.org/36218