3 results (0.007 seconds)

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. La función tempname_ensure en biblioteca lib/routines.h en a2ps versión 4.14 y anteriores, tal y como es usado por la función spy_user y otras posibles funciones, permite a usuarios locales modificar archivos arbitrarios en una ataque de tipo symlink en un archivo temporal. • http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch http://seclists.org/oss-sec/2014/q1/237 http://seclists.org/oss-sec/2014/q1/253 http://seclists.org/oss-sec/2014/q1/257 http://www.debian.org/security/2014/dsa-2892 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385 https://bugzilla.redhat.com/show_bug.cgi?id=1060630 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. • http://secunia.com/advisories/13641 http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml http://www.securityfocus.com/bid/12108 http://www.securityfocus.com/bid/12109 http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18671 https://exchange.xforce.ibmcloud.com/vulnerabilities/18672 •

CVSS: 10.0EPSS: 3%CPEs: 11EXPL: 3

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. • https://www.exploit-db.com/exploits/24406 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html http://bugs.debian.org/283134 http://marc.info/?l=bugtraq&m=110598355226660&w=2 http://secunia.com/advisories/12375 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause= http://www.mandriva.com/security/advisories?name=MDKSA-2004:140 http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html http://www.securiteam.com •