Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities found for a2ps by gnu
FKIE_CVE-2015-8107
Vulnerability from fkie_nvd - Published: 2017-04-13 14:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/oss-sec/2015/q4/284 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/77595 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2015/q4/284 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77595 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "05534AB5-7B26-417D-988F-F0663710D2EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "La vulnerabilidad de cadena de formato en GNU a2ps 4.14 permite a atacantes remotos ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2015-8107",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-13T14:59:00.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2015/q4/284"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2015/q4/284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77595"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-1593
Vulnerability from fkie_nvd - Published: 2014-04-05 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:a2ps:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3A3E96-6573-4785-8DFD-73E0F120EB8B",
"versionEndIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF2642F-970D-47B9-87E9-8EA93DD224E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC41BEF-3162-4E0A-BD3E-B4DBDEA149BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "874CD4BB-D4FF-40E5-A38A-F9445ABBC39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "AC69D9F0-0F97-43AA-929D-432865098239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB22BD-FA9C-4715-A948-3309E3AD1F85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file."
},
{
"lang": "es",
"value": "La funci\u00f3n tempname_ensure en biblioteca lib/routines.h en a2ps versi\u00f3n 4.14 y anteriores, tal y como es usado por la funci\u00f3n spy_user y otras posibles funciones, permite a usuarios locales modificar archivos arbitrarios en una ataque de tipo symlink en un archivo temporal."
}
],
"id": "CVE-2001-1593",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-05T21:55:06.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q1/237"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0466
Vulnerability from fkie_nvd - Published: 2014-04-03 16:15 - Updated: 2025-04-12 10:46
Severity ?
Summary
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "05534AB5-7B26-417D-988F-F0663710D2EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."
},
{
"lang": "es",
"value": "El script fixps en a2ps 4.14 no utiliza la opci\u00f3n -dSAFER cuando ejecuta gs, lo que permite a atacantes dependientes de contexto eliminar archivos arbitrarios o ejecutar comandos arbitrarios a trav\u00e9s de un archivo PostScript."
}
],
"id": "CVE-2014-0466",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-03T16:15:39.863",
"references": [
{
"source": "security@debian.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/66660"
},
{
"source": "security@debian.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"source": "security@debian.org",
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-67"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1170
Vulnerability from fkie_nvd - Published: 2005-01-10 05:00 - Updated: 2026-04-16 00:27
Severity ?
Summary
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | a2ps | 4.13 | |
| gnu | a2ps | 4.13b | |
| sun | java_desktop_system | 2.0 | |
| sun | java_desktop_system | 2003 | |
| suse | suse_linux | 8 | |
| suse | suse_linux | 8.1 | |
| suse | suse_linux | 8.2 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "AC69D9F0-0F97-43AA-929D-432865098239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB22BD-FA9C-4715-A948-3309E3AD1F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_desktop_system:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5537D6C-7700-4818-93F7-4449049DF131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_desktop_system:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "A1587AB3-180E-4734-A0AC-4EE5A93B469A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename."
}
],
"id": "CVE-2004-1170",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/283134"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12375"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11025"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/283134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1377
Vulnerability from fkie_nvd - Published: 2004-12-27 05:00 - Updated: 2026-04-16 00:27
Severity ?
Summary
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | a2ps | 4.13 | |
| gnu | a2ps | 4.13b | |
| turbolinux | turbolinux_home | * | |
| turbolinux | turbolinux_server | 7.0 | |
| turbolinux | turbolinux_server | 8.0 | |
| turbolinux | turbolinux_workstation | 7.0 | |
| turbolinux | turbolinux_workstation | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "AC69D9F0-0F97-43AA-929D-432865098239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB22BD-FA9C-4715-A948-3309E3AD1F85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065FF0F1-7FAC-4584-92EA-EAA87DC76FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "839D2945-1417-43F5-A526-A14C491CBCEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E06DCF0D-3241-453A-A0E4-937FE25EC404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8F79B3-2FBD-4CF1-B202-AB302C5F9CC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9428589A-0BD2-469E-978D-38239117D972",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
],
"id": "CVE-2004-1377",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13641"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12108"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12109"
},
{
"source": "cve@mitre.org",
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-8107 (GCVE-0-2015-8107)
Vulnerability from cvelistv5 – Published: 2017-04-13 14:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2015-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77595",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77595"
},
{
"name": "[oss-sec] 20151116 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q4/284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77595",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77595"
},
{
"name": "[oss-sec] 20151116 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q4/284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77595"
},
{
"name": "[oss-sec] 20151116 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q4/284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8107",
"datePublished": "2017-04-13T14:00:00.000Z",
"dateReserved": "2015-11-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:31.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1593 (GCVE-0-2001-1593)
Vulnerability from cvelistv5 – Published: 2014-04-05 21:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2001-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"name": "[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"name": "[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"name": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch",
"refsource": "CONFIRM",
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"name": "[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"name": "DSA-2892",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1593",
"datePublished": "2014-04-05T21:00:00.000Z",
"dateReserved": "2014-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0466 (GCVE-0-2014-0466)
Vulnerability from cvelistv5 – Published: 2014-04-03 15:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:17.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"name": "66660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66660"
},
{
"name": "GLSA-201701-67",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"name": "openSUSE-SU-2014:0499",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"name": "66660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66660"
},
{
"name": "GLSA-201701-67",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"name": "openSUSE-SU-2014:0499",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"name": "66660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66660"
},
{
"name": "GLSA-201701-67",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"name": "openSUSE-SU-2014:0499",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"name": "DSA-2892",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0466",
"datePublished": "2014-04-03T15:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:17.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1377 (GCVE-0-2004-1377)
Vulnerability from cvelistv5 – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2004-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200501-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"name": "12109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"name": "12108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12108"
},
{
"name": "gnu-a2ps-fixpsin-symlink(18671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"name": "gnu-a2ps-psmanupin-symlink(18672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"name": "13641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200501-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"name": "12109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"name": "12108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12108"
},
{
"name": "gnu-a2ps-fixpsin-symlink(18671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"name": "gnu-a2ps-psmanupin-symlink(18672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"name": "13641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200501-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"name": "12109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12109"
},
{
"name": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"name": "12108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12108"
},
{
"name": "gnu-a2ps-fixpsin-symlink(18671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"name": "gnu-a2ps-psmanupin-symlink(18672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"name": "13641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1377",
"datePublished": "2005-01-19T05:00:00.000Z",
"dateReserved": "2005-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:46:12.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1170 (GCVE-0-2004-1170)
Vulnerability from cvelistv5 – Published: 2004-12-10 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2004-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:01.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/283134"
},
{
"name": "20040824 a2ps executing shell commands from file name",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"name": "OpenPKG-SA-2005.003",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"name": "SUSE-SA:2004:034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"name": "FLSA:152870",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"name": "57649",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"name": "12375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12375"
},
{
"name": "gnu-a2ps-gain-privileges(17127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"name": "MDKSA-2004:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"name": "11025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/283134"
},
{
"name": "20040824 a2ps executing shell commands from file name",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"name": "OpenPKG-SA-2005.003",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"name": "SUSE-SA:2004:034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"name": "FLSA:152870",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"name": "57649",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"name": "12375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12375"
},
{
"name": "gnu-a2ps-gain-privileges(17127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"name": "MDKSA-2004:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"name": "11025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/283134",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/283134"
},
{
"name": "20040824 a2ps executing shell commands from file name",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"name": "OpenPKG-SA-2005.003",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"name": "SUSE-SA:2004:034",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"name": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"name": "FLSA:152870",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"name": "57649",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"name": "12375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12375"
},
{
"name": "gnu-a2ps-gain-privileges(17127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"name": "MDKSA-2004:140",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"name": "11025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1170",
"datePublished": "2004-12-10T05:00:00.000Z",
"dateReserved": "2004-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:39:01.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8107 (GCVE-0-2015-8107)
Vulnerability from nvd – Published: 2017-04-13 14:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2015-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77595",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77595"
},
{
"name": "[oss-sec] 20151116 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q4/284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77595",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77595"
},
{
"name": "[oss-sec] 20151116 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q4/284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77595"
},
{
"name": "[oss-sec] 20151116 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q4/284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8107",
"datePublished": "2017-04-13T14:00:00.000Z",
"dateReserved": "2015-11-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:31.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1593 (GCVE-0-2001-1593)
Vulnerability from nvd – Published: 2014-04-05 21:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2001-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"name": "[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"name": "[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385"
},
{
"name": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch",
"refsource": "CONFIRM",
"url": "http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060630"
},
{
"name": "[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/253"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/257"
},
{
"name": "DSA-2892",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2892"
},
{
"name": "[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1593",
"datePublished": "2014-04-05T21:00:00.000Z",
"dateReserved": "2014-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0466 (GCVE-0-2014-0466)
Vulnerability from nvd – Published: 2014-04-03 15:00 – Updated: 2024-08-06 09:20
VLAI?
Summary
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:17.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"name": "66660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66660"
},
{
"name": "GLSA-201701-67",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"name": "openSUSE-SU-2014:0499",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"name": "66660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66660"
},
{
"name": "GLSA-201701-67",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"name": "openSUSE-SU-2014:0499",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"name": "DSA-2892",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902"
},
{
"name": "66660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66660"
},
{
"name": "GLSA-201701-67",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-67"
},
{
"name": "openSUSE-SU-2014:0499",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html"
},
{
"name": "DSA-2892",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-0466",
"datePublished": "2014-04-03T15:00:00.000Z",
"dateReserved": "2013-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:17.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1170 (GCVE-0-2004-1170)
Vulnerability from nvd – Published: 2004-12-10 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2004-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:01.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/283134"
},
{
"name": "20040824 a2ps executing shell commands from file name",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"name": "OpenPKG-SA-2005.003",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"name": "SUSE-SA:2004:034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"name": "FLSA:152870",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"name": "57649",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"name": "12375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12375"
},
{
"name": "gnu-a2ps-gain-privileges(17127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"name": "MDKSA-2004:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"name": "11025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/283134"
},
{
"name": "20040824 a2ps executing shell commands from file name",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"name": "OpenPKG-SA-2005.003",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"name": "SUSE-SA:2004:034",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"name": "FLSA:152870",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"name": "57649",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"name": "12375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12375"
},
{
"name": "gnu-a2ps-gain-privileges(17127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"name": "MDKSA-2004:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"name": "11025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/283134",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/283134"
},
{
"name": "20040824 a2ps executing shell commands from file name",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html"
},
{
"name": "OpenPKG-SA-2005.003",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=110598355226660\u0026w=2"
},
{
"name": "SUSE-SA:2004:034",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
},
{
"name": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5MP0N2KDPA.html"
},
{
"name": "FLSA:152870",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419765/100/0/threaded"
},
{
"name": "57649",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1\u0026searchclause="
},
{
"name": "12375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12375"
},
{
"name": "gnu-a2ps-gain-privileges(17127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17127"
},
{
"name": "MDKSA-2004:140",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:140"
},
{
"name": "11025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1170",
"datePublished": "2004-12-10T05:00:00.000Z",
"dateReserved": "2004-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:39:01.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1377 (GCVE-0-2004-1377)
Vulnerability from nvd – Published: 2005-01-19 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2004-12-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200501-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"name": "12109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"name": "12108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12108"
},
{
"name": "gnu-a2ps-fixpsin-symlink(18671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"name": "gnu-a2ps-psmanupin-symlink(18672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"name": "13641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200501-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"name": "12109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"name": "12108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12108"
},
{
"name": "gnu-a2ps-fixpsin-symlink(18671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"name": "gnu-a2ps-psmanupin-symlink(18672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"name": "13641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200501-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml"
},
{
"name": "12109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12109"
},
{
"name": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html"
},
{
"name": "12108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12108"
},
{
"name": "gnu-a2ps-fixpsin-symlink(18671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18671"
},
{
"name": "gnu-a2ps-psmanupin-symlink(18672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18672"
},
{
"name": "13641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1377",
"datePublished": "2005-01-19T05:00:00.000Z",
"dateReserved": "2005-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:46:12.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}