Remote Command Execution in a2ps by GNU
CVE-2004-1170

Currently unrated

Key Information:

Vendor

Gnu
Status
A2ps
Java Desktop System
Vendor
CVE Published:
10 January 2005

What is CVE-2004-1170?

The a2ps tool version 4.13 is susceptible to a vulnerability that permits remote attackers to execute arbitrary commands by exploiting shell metacharacters present in the filename. This could lead to unauthorized actions being performed on the affected systems without the consent of the user.

References

http://bugs.debian.org/283134
x_refsource_CONFIRM
http://archives.neohapsis.com/archives/fulldisclosure/200...
mailing-listx_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=110598355226660&w=2
vendor-advisoryx_refsource_OPENPKG

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2004-1170 : Remote Command Execution in a2ps by GNU