Computer Security
[EN] securityvulns.ru no-pyccku


a2ps code execution
Published:07.04.2014
Source:
SecurityVulns ID:13671
Type:library
Threat Level:
5/10
Description:Macro are not filtered in Postscript processin.
Affected:A2PS : a2ps 4.14
CVE:CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.)
 CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2892-1] a2ps security update (07.04.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod