CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
Vendor | Product | Version | CPE |
---|---|---|---|
gnu | a2ps | * | cpe:2.3:a:gnu:a2ps:*:*:*:*:*:*:*:* |
gnu | a2ps | 4.10.3 | cpe:2.3:a:gnu:a2ps:4.10.3:*:*:*:*:*:*:* |
gnu | a2ps | 4.10.4 | cpe:2.3:a:gnu:a2ps:4.10.4:*:*:*:*:*:*:* |
gnu | a2ps | 4.12 | cpe:2.3:a:gnu:a2ps:4.12:*:*:*:*:*:*:* |
gnu | a2ps | 4.13 | cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:* |
gnu | a2ps | 4.13b | cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:* |