Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-68-1
HistoryJan 24, 2005 - 12:00 a.m.

enscript vulnerabilities

2005-01-2400:00:00
ubuntu.com
29

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Releases

  • Ubuntu 4.10

Details

Erik Sjölund discovered several vulnerabilities in enscript which
could cause arbitrary code execution with the privileges of the user
calling enscript.

Quotes and other shell escape characters in titles and file names were
not handled in previous versions. (CAN-2004-1184)

Previous versions supported reading EPS data not only from a file, but
also from an arbitrary command pipe. Since checking for unwanted side
effects is infeasible, this feature has been disabled after
consultation with the authors of enscript. (CAN-2004-1185)

Finally, this update fixes two buffer overflows which were triggered by
certain input files. (CAN-2004-1186)

These issues can lead to privilege escalation if enscript is called
automatically from web server applications like viewcvs.

OSVersionArchitecturePackageVersionFilename
Ubuntu4.10noarchenscript< *UNKNOWN

Related

redhat 2
nessus 12
openvas 7
securityvulns 2
freebsd 1
debian 2
osv 1
gentoo 1
ubuntucve 3
debiancve 3
cve 3
redhat
redhat
(RHSA-2005:040) enscript security update
2005-02-15 00:00:00
(RHSA-2005:039) enscript security update
2005-02-01 00:00:00
nessus
nessus
Ubuntu 4.10 : enscript vulnerabilities (USN-68-1)
2006-01-15 00:00:00
FreeBSD : enscript -- multiple vulnerabilities (72da8af6-7c75-11d9-8cc5-000854d03344)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : enscript (MDKSA-2005:033)
2005-02-11 00:00:00
openvas
openvas
FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj
2008-09-04 00:00:00
Debian Security Advisory DSA 654-1 (enscript)
2008-01-17 00:00:00
SLES9: Security update for enscript
2009-10-10 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
2005-01-23 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
freebsd
freebsd
enscript -- multiple vulnerabilities
2005-02-02 00:00:00
debian
debian
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
2005-01-21 14:06:09
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
2005-01-21 14:06:09
osv
osv
enscript - several
2005-01-21 00:00:00
gentoo
gentoo
enscript: Multiple vulnerabilities
2005-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2004-1186
2004-12-31 00:00:00
CVE-2004-1185
2005-01-21 00:00:00
CVE-2004-1184
2005-01-21 00:00:00
debiancve
debiancve
CVE-2004-1186
2004-12-31 05:00:00
CVE-2004-1185
2005-01-21 05:00:00
CVE-2004-1184
2005-01-21 05:00:00
cve
cve
CVE-2004-1186
2004-12-31 05:00:00
CVE-2004-1185
2005-01-21 05:00:00
CVE-2004-1184
2005-01-21 05:00:00

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON
Related for USN-68-1
redhat2nessus12openvas7securityvulns2freebsd1debian2osv1gentoo1ubuntucve3debiancve3cve3