Local File Modification Vulnerability in a2ps by GNU
CVE-2001-1593

Currently unrated

Key Information:

Vendor: Gnu
Status: A2ps
Vendor: CVE Published:; 5 April 2014

Summary

The a2ps product, version 4.14 and earlier, has a vulnerability stemming from the tempname_ensure function in lib/routines.h. This vulnerability allows local users to exploit a symlink attack, potentially enabling them to modify arbitrary files through insecure handling of temporary files. This poses significant risks to system integrity, as unauthorized file changes can lead to data corruption or unintended behavior in applications. Proper security measures should be implemented to mitigate this risk.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385

x_refsource_CONFIRM

http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4....

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1060630

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 5, 2014
Vulnerability Reserved
Feb 5, 2014