GNU a2ps File Name Command Execution Vulnerability

Bugtraq ID: 11025
Class: Input Validation Error
CVE: CVE-2004-1170
Remote: No
Local: Yes
Published: Aug 24 2004 12:00AM
Updated: May 08 2006 09:09PM
Credit: Discovery of this issue is credited to Rudolf Polzer <divzero@gmail.com>.
Vulnerable: SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE Linux Enterprise Server 9
SuSE Linux 8.1
Sun Java Desktop System (JDS) 2.0
Sun Java Desktop System (JDS) 2003
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Redhat Linux 9.0 i386
Redhat Linux 7.3 i686
Redhat Linux 7.3 i386
Redhat Linux 7.3
Redhat Fedora Core1
GNU a2ps 4.13 b
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ MandrakeSoft Corporate Server 3.0 x86_64
 + MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.2 x86_64
 + Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ OpenPKG OpenPKG 2.2
+ OpenPKG OpenPKG 2.1
+ OpenPKG OpenPKG Current
 GNU a2ps 4.13
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
Gentoo Linux
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus