CVE-2004-1170
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.5%
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gnu | a2ps | 4.13 | cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:* |
| gnu | a2ps | 4.13b | cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:* |
| sun | java_desktop_system | 2.0 | cpe:2.3:a:sun:java_desktop_system:2.0:*:*:*:*:*:*:* |
| sun | java_desktop_system | 2003 | cpe:2.3:a:sun:java_desktop_system:2003:*:*:*:*:*:*:* |
| suse | suse_linux | 8 | cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:* |
| suse | suse_linux | 8.1 | cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:* |
| suse | suse_linux | 8.2 | cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:* |
| suse | suse_linux | 9.0 | cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:* |
| suse | suse_linux | 9.0 | cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:* |
| suse | suse_linux | 9.0 | cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:* |
References
archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html
bugs.debian.org/283134
marc.info/?l=bugtraq&m=110598355226660&w=2
secunia.com/advisories/12375
sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause=
www.mandriva.com/security/advisories?name=MDKSA-2004:140
www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
www.securiteam.com/unixfocus/5MP0N2KDPA.html
www.securityfocus.com/archive/1/419765/100/0/threaded
www.securityfocus.com/bid/11025
exchange.xforce.ibmcloud.com/vulnerabilities/17127
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.5%