CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

DEBIAN-CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

Stack overflow

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

CVE-2008-3863

GNU Enscript 1.6.1 and 1.6.4 beta are affected by CVE-2008-3863 due to a stack-based buffer overflow in read_special_escape (src/psgen.c) when -e escapes processing is enabled. A crafted ASCII file can trigger arbitrary code execution via the setfilename path, allowing a remote attacker (with use...

CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

GNU Enscript src/psgen.c栈溢出漏洞

BUGTRAQ ID: 31858 CVECAN ID: CVE-2008-3863 GNU enscript是用于替换Adobe enscript程序的脚本。Enscript可将ASCII文件转换为PostScript并将生成的PostScript输出提供给指定的打印机。 GNU enscript src/psgen.c文件中的readspecialescape函数存在栈溢出漏洞。如果用户通过-e选项启用了特殊转义处理的话，在转换恶意文件时就可能触发这个溢出，导致执行任意指令。 GNU Enscript 1.6.4 beta GNU Enscript 1.6.1 GNU ---...

enscript -- arbitrary code execution vulnerability

Ulf Harnhammar of Secunia Research reports: Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafte...

Gentoo Security Advisory GLSA 200502-03 (enscript)

The remote host is missing updates announced in advisory GLSA 200502-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200502-03 (enscript)

The remote host is missing updates announced in advisory GLSA 200502-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj

The remote host is missing an update to the system as announced in the referenced advisory. VID 72da8af6-7c75-11d9-8cc5-000854d03344 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Debian: Security Advisory (DSA-654-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 654-1 (enscript)

The remote host is missing an update to enscript announced via advisory DSA 654-1. OpenVAS Vulnerability Test $Id: deb6541.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 654-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 105-1 (enscript)

The remote host is missing an update to enscript announced via advisory DSA 105-1. OpenVAS Vulnerability Test $Id: deb1051.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 105-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 105-1 (enscript)

The remote host is missing an update to enscript announced via advisory DSA 105-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 4.10 : enscript vulnerabilities (USN-68-1)

Erik Sjolund discovered several vulnerabilities in enscript which could cause arbitrary code execution with the privileges of the user calling enscript. Quotes and other shell escape characters in titles and file names were not handled in previous versions. CAN-2004-1184 Previous versions support...

FreeBSD : enscript -- multiple vulnerabilities (72da8af6-7c75-11d9-8cc5-000854d03344)

Erik Sjolund discovered several issues in enscript : it suffers from several buffer overflows, quotes and shell escape characters are insufficiently sanitized in filenames, and it supported taking input from an arbitrary command pipe, with unwanted side effects. %NASLMINLEVEL 70300 C Tenable...

RHEL 4 : enscript (RHSA-2005:040)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:040 advisory. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret special escape sequences. A flaw was found in the...