Remote Command Execution in a2ps by GNU
CVE-2004-1170

Currently unrated

Key Information:

Vendor: Gnu
Status: A2ps; Java Desktop System
Vendor: CVE Published:; 10 January 2005

Summary

The a2ps tool version 4.13 is susceptible to a vulnerability that permits remote attackers to execute arbitrary commands by exploiting shell metacharacters present in the filename. This could lead to unauthorized actions being performed on the affected systems without the consent of the user.

References

http://bugs.debian.org/283134

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

http://marc.info/?l=bugtraq&m=110598355226660&w=2

vendor-advisoryx_refsource_OPENPKG

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 10, 2005
Vulnerability Reserved
Dec 9, 2004