ID CVE-2004-1377
Summary The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:a2ps:4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:a2ps:4.13b:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 12108
  • 12109
confirm http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html
gentoo GLSA-200501-02
secunia 13641
xf
  • gnu-a2ps-fixpsin-symlink(18671)
  • gnu-a2ps-psmanupin-symlink(18672)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 11-07-2017 - 01:30
Published 27-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top