Debian Security Advisory DSA 2892-1 (a2ps - security update)

Debian Security Advisory DSA 2892-1 for a2ps vulnerable to spy_user function and fixps script

Reporter	Title	Published	Views	Family All 51
AlpineLinux	CVE-2014-0466	3 Apr 201416:15	–	alpinelinux
ArchLinux	[ASA-202005-4] a2ps: multiple issues	6 May 202000:00	–	archlinux
CVE	CVE-2001-1593	5 Apr 201421:00	–	cve
CVE	CVE-2014-0466	3 Apr 201415:00	–	cve
Cvelist	CVE-2001-1593	5 Apr 201421:00	–	cvelist
Cvelist	CVE-2014-0466	3 Apr 201415:00	–	cvelist
Debian	[SECURITY] [DSA 2892-1] a2ps security update	31 Mar 201418:46	–	debian
Debian	[SECURITY] [DSA 2892-1] a2ps security update	31 Mar 201418:46	–	debian
Debian CVE	CVE-2001-1593	5 Apr 201421:00	–	debiancve
Debian CVE	CVE-2014-0466	3 Apr 201415:00	–	debiancve

Source	Link
debian	www.debian.org/security/2014/dsa-2892.html

# OpenVAS Vulnerability Test
# $Id: deb_2892.nasl 6750 2017-07-18 09:56:47Z teissa $
# Auto-generated from advisory DSA 2892-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_affected  = "a2ps on Debian Linux";
tag_insight   = "GNU a2ps converts files into PostScript for printing or viewing. It uses a
nice default format, usually two pages on each physical page, borders
surrounding pages, headers with useful information (page number, printing
date, file name or supplied header), line numbering, symbol substitution
as well as pretty printing for a wide range of programming languages.";
tag_solution  = "For the oldstable distribution (squeeze), these problems have been fixed
in version 1:4.14-1.1+deb6u1.

For the stable distribution (wheezy), these problems have been fixed in
version 1:4.14-1.1+deb7u1.

For the testing distribution (jessie) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your a2ps packages.";
tag_summary   = "Several vulnerabilities have been found in a2ps, an Anything to
PostScript 
converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2001-1593 
The spy_user function which is called when a2ps is invoked with the
--debug flag insecurely used temporary files.

CVE-2014-0466 
Brian M. Carlson reported that a2ps's fixps script does not invoke
gs with the -dSAFER option. Consequently executing fixps on a
malicious PostScript file could result in files being deleted or
arbitrary commands being executed with the privileges of the user
running fixps.";
tag_vuldetect = "This check tests the installed software version using the apt package manager.";

if(description)
{
    script_id(702892);
    script_version("$Revision: 6750 $");
    script_cve_id("CVE-2001-1593", "CVE-2014-0466");
    script_name("Debian Security Advisory DSA 2892-1 (a2ps - security update)");
    script_tag(name: "last_modification", value:"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $");
    script_tag(name: "creation_date", value:"2014-03-31 00:00:00 +0200 (Mon, 31 Mar 2014)");
    script_tag(name:"cvss_base", value:"6.8");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");

    script_xref(name: "URL", value: "http://www.debian.org/security/2014/dsa-2892.html");


    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: tag_affected);
    script_tag(name: "insight",   value: tag_insight);
#    script_tag(name: "impact",    value: tag_impact);
    script_tag(name: "solution",  value: tag_solution);
    script_tag(name: "summary",   value: tag_summary);
    script_tag(name: "vuldetect", value: tag_vuldetect);
    script_tag(name:"qod_type", value:"package");
    script_tag(name:"solution_type", value:"VendorFix");

    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"a2ps", ver:"1:4.14-1.1+deb6u1", rls:"DEB6.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"a2ps", ver:"1:4.14-1.1+deb7u1", rls:"DEB7.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"a2ps", ver:"1:4.14-1.1+deb7u1", rls:"DEB7.1")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"a2ps", ver:"1:4.14-1.1+deb7u1", rls:"DEB7.2")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"a2ps", ver:"1:4.14-1.1+deb7u1", rls:"DEB7.3")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

18 Jul 2017 00:00Current

EPSS0.00342