GNU Enscript EPSF and Filename Command Input Validation Errors May Let Remote Users Execute Arbitrary Code in Certain Cases
SecurityTracker Alert ID: 1012965
SecurityTracker URL: http://securitytracker.com/id/1012965
CVE Reference:
CVE-2004-1184, CVE-2004-1185, CVE-2004-1186
Date: Jan 21 2005
Impact:
Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via network
Version(s): 1.6.4 and prior versions
Description:
Several vulnerabilities were reported in GNU Enscript. A local user may be able to execute arbitrary commands or cause denial of service conditions. In some cases, a remote user may also be able to trigger these flaws.
Debian reported that an input validation vulnerability in EPSF pipe support may allow arbitrary commands to be executed [CVE: CVE-2004-1184].
An input validation flaw in the processing of filenames allows arbitrary commands to be executed [CVE: CVE-2004-1185].
Several buffer overflows may cause the application to crash [CVE: CVE-2004-1186].
These flaws reside in 'src/util.c' and 'src/psgen.c'.
Debian notes that enscript is usually run locally, but may be executed remotely via other applications (such as viewcvs).
Erik Sjolund is credited with discovering these flaws.
Impact:
If the target application is called via a remotely accessible application, a remote user may be able to execute arbitrary code or cause denial of service conditions.
Solution:
No solution was available at the time of this entry.
Vendor URL: people.ssh.fi/mtr/genscript/
Cause:
Boundary error, Input validation error
Underlying OS: Linux (Any), UNIX (Any)