Symlink Vulnerability in GNU a2ps Product by GNU
CVE-2004-1377

Currently unrated

Key Information:

Vendor: Gnu
Status: A2ps
Vendor: CVE Published:; 27 December 2004

Summary

The fixps and psmandup scripts in GNU a2ps version 4.12 and earlier are susceptible to a symlink attack that allows local users to overwrite arbitrary files. By exploiting this weakness, an attacker can create symlinks to sensitive files, gaining unauthorized access to modify or corrupt critical data, thus jeopardizing the system's integrity and security.

References

http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/12109

vdb-entryx_refsource_BID

http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Jan 19, 2005
Vulnerability published
Dec 27, 2004