GNU Enscript Malformed Filename Arbitrary Command Execution

2005-01-21T04:05:31
ID OSVDB:13155
Type osvdb
Reporter Erik Sjölund
Modified 2005-01-21T04:05:31

Description

Vulnerability Description

GNU Enscript contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a malicious user creates specially crafted filenames. It is possible that the flaw may allow the attacker to inject arbitrary code, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, respective Linux vendors have released a patch to address this vulnerability.

Short Description

GNU Enscript contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a malicious user creates specially crafted filenames. It is possible that the flaw may allow the attacker to inject arbitrary code, resulting in a loss of integrity.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1012965
Secunia Advisory ID: 14229
Secunia Advisory ID: 14259
Secunia Advisory ID: 13968
Secunia Advisory ID: 13975
Secunia Advisory ID: 14109
Secunia Advisory ID: 14105
Secunia Advisory ID: 14352
Secunia Advisory ID: 13973
Secunia Advisory ID: 14048
Related OSVDB ID: 13154
Related OSVDB ID: 13156
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050202-01-U.asc
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:033
CVE-2004-1185