SecurityTracker.com
Category:  Application (Generic)  >  Enscript (GNU)
Vendors:  Rossi, Markku
GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases
SecurityTracker Alert ID:  1012965
SecurityTracker URL:  http://securitytracker.com/id?1012965
CVE Reference:  CAN-2004-1184, CAN-2004-1185, CAN-2004-1186
Date:  Jan 21 2005
Impact:  Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via network
Version(s): 1.6.4 and prior versions
Description:  Several vulnerabilities were reported in GNU Enscript. A local user may be able to execute arbitrary commands or cause denial of service conditions. In some cases, a remote user may also be able to trigger these flaws.

Debian reported that an input validation vulnerability in EPSF pipe support may allow arbitrary commands to be executed [CVE: CAN-2004-1184].

An input validation flaw in the processing of filenames allows arbitrary commands to be executed [CVE: CAN-2004-1185].

Several buffer overflows may cause the application to crash [CVE: CAN-2004-1186].

These flaws reside in 'src/util.c' and 'src/psgen.c'.

Debian notes that enscript is usually run locally, but may be executed remotely via other applications (such as viewcvs).

Erik Sjolund is credited with discovering these flaws.

Impact:  If the target application is called via a remotely accessible application, a remote user may be able to execute arbitrary code or cause denial of service conditions.
Solution:  No solution was available at the time of this entry.
Vendor URL:  people.ssh.fi/mtr/genscript/
Cause:  Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 21 2005 (Debian Issues Fix) GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Feb 2 2005 (Red Hat Issues Fix) GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases   (bugzilla@redhat.com)
Red Hat has released a fix.
Feb 3 2005 (Gentoo Issues Fix) GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix.
Feb 11 2005 (Mandrake Issues Fix) GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases   (Mandrakelinux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Feb 15 2005 (Red Hat Issues Fix) GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases   (bugzilla@redhat.com)
Red Hat has released a fix.



 Source Message Contents

Date:  Fri, 21 Jan 2005 09:38:29 -0500
Subject:  [none]

 
 
Debian reported vulnerabilities in enscript.  A local or remote user may be able to 
execute arbitrary commands or cause denial of service conditions.
 
An input validation vulnerability in EPSF pipe support may allow arbitrary commands
to be executed [CVE: CAN-2004-1184].
 
An input validation flaw in the processing of filenames allows arbitrary commands
to be executed [CVE: CAN-2004-1185].
 
Several buffer overflows may cause the application to crash [CVE: CAN-2004-1186].
 
Debian notes that enscript is usually run locally, but may be executed remotely via
other applications (such as viewcvs).
 
Erik Sjolund is credited with discovering these flaws.
 



Copyright 2005, SecurityGlobal.net LLC