Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2005:039
HistoryFeb 01, 2005 - 12:00 a.m.

(RHSA-2005:039) enscript security update

2005-02-0100:00:00
access.redhat.com
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

88.6%

JSON

GNU enscript converts ASCII files to PostScript.

Enscript has the ability to interpret special escape sequences. A flaw was
found in the handling of the epsf command used to insert inline EPS files
into a document. An attacker could create a carefully crafted ASCII file
which made use of the epsf pipe command in such a way that it could execute
arbitrary commands if the file was opened with enscript by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1184 to this issue.

Additional flaws in Enscript were also discovered which can only be
triggered by executing enscript with carefully crafted command line
arguments. These flaws therefore only have a security impact if enscript
is executed by other programs and passed untrusted data from remote users.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1185 and CAN-2004-1186 to these issues.

All users of enscript should upgrade to these updated packages, which
resolve these issues.

Related

osv 1
openvas 7
debian 2
gentoo 1
nessus 12
securityvulns 2
ubuntu 1
freebsd 1
redhat 1
cve 3
ubuntucve 3
debiancve 3
osv
osv
enscript - several
2005-01-21 00:00:00
openvas
openvas
Debian Security Advisory DSA 654-1 (enscript)
2008-01-17 00:00:00
SLES9: Security update for enscript
2009-10-10 00:00:00
FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
2005-01-21 14:06:09
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
2005-01-21 14:06:09
gentoo
gentoo
enscript: Multiple vulnerabilities
2005-02-02 00:00:00
nessus
nessus
GLSA-200502-03 : enscript: Multiple vulnerabilities
2005-02-14 00:00:00
Fedora Core 2 : enscript-1.6.1-25.2 (2005-015)
2005-01-27 00:00:00
Ubuntu 4.10 : enscript vulnerabilities (USN-68-1)
2006-01-15 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
2005-01-23 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
ubuntu
ubuntu
enscript vulnerabilities
2005-01-24 00:00:00
freebsd
freebsd
enscript -- multiple vulnerabilities
2005-02-02 00:00:00
redhat
redhat
(RHSA-2005:040) enscript security update
2005-02-15 00:00:00
cve
cve
CVE-2004-1186
2004-12-31 05:00:00
CVE-2004-1185
2005-01-21 05:00:00
CVE-2004-1184
2005-01-21 05:00:00
ubuntucve
ubuntucve
CVE-2004-1186
2004-12-31 00:00:00
CVE-2004-1185
2005-01-21 00:00:00
CVE-2004-1184
2005-01-21 00:00:00
debiancve
debiancve
CVE-2004-1186
2004-12-31 05:00:00
CVE-2004-1185
2005-01-21 05:00:00
CVE-2004-1184
2005-01-21 05:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

88.6%

JSON
Related for RHSA-2005:039
osv1openvas7debian2gentoo1nessus12securityvulns2ubuntu1freebsd1redhat1cve3ubuntucve3debiancve3