From de9996cec7520f34cc54151cd12f6b2112c7a23d Mon Sep 17 00:00:00 2001 From: simon Date: Tue, 19 Oct 2004 21:41:22 +0000 Subject: Document insecure command line argument handling in a2ps. Approved by: nectar --- security/vuxml/vuln.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 97c1ae9..4fd90d6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,47 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + a2ps -- insecure command line argument handling + + + a2ps-a4 + 4.13b_2 + + + a2ps-letter + 4.13b_2 + + + a2ps-letterdj + 4.13b_2 + + + + +

Rudolf Polzer reports:

+
a2ps builds a command line for file() containing an + unescaped version of the file name, thus might call + external programs described by the file name. Running a + cronjob over a public writable directory a2ps-ing all + files in it - or simply typing "a2ps *.txt" in /tmp - is + therefore dangerous.
+

+ + + + ports/70618 + 11025 + http://www.osvdb.org/9176 + http://marc.theaimsgroup.com/?l=full-disclosure&m=109334851517137 + + + 2004-08-18 + 2004-10-17 + + + ifmail -- unsafe set-user-ID application -- cgit v1.1