
List:       secunia-sec-adv
Subject:    [SA12375] GNU a2ps Command Injection Vulnerability
From:       Secunia Security Advisories <sec-adv () secunia ! com>
Date:       2004-08-26 10:20:44
Message-ID: 200408261020.i7QAKikW026129 () secunia ! com


TITLE:
GNU a2ps Command Injection Vulnerability

SECUNIA ADVISORY ID:
SA12375

VERIFY ADVISORY:
http://secunia.com/advisories/12375/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
GNU a2ps 4.x
http://secunia.com/product/3837/

DESCRIPTION:
Rudolf Polzer has discovered a vulnerability in GNU a2ps, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

The vulnerability is caused by insufficient validation of shell escape
characters in filenames and can potentially lead to execution of
arbitrary commands.

This can, for example, be exploited when a user passes a wildcard to
a2ps that matches a filename under a malicious user's control (e.g. in
a world-writable directory).

Another exploit vector is a script or program that invokes a2ps on
files whose names can be controlled by a malicious user.

The vulnerability has been confirmed in version 4.13. Other versions
may also be affected.
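The description above boils down to one bug class: a filename is spliced into a command string that a shell then parses, so any shell metacharacter in the name changes the command. The C program below is an added illustration of that class and of the defensive alternatives; it is not a2ps code and makes no claim about where the defect sits in a2ps. The function names, the "lpr" command string and the sample filename are all constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters the POSIX shell treats specially. A filename containing any
 * of them must never be spliced into a command string handed to a shell. */
static const char SHELL_META[] = ";&|<>()$`\\\"' \t\n*?[]#~{}";

/* Defensive check a wrapper script or calling program can apply before
 * passing a name to a shell-based tool: 1 if the name carries at least
 * one shell metacharacter, 0 otherwise. */
int has_shell_metachar(const char *name)
{
    return strpbrk(name, SHELL_META) != NULL;
}

/* The bug class (hypothetical spooler, not a2ps's code): the filename is
 * interpolated into a command line that a shell will parse. A name such
 * as "report.txt; echo injected" becomes two commands. Returns 0 on
 * success, -1 if the buffer is too small. */
int build_shell_command(const char *name, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "lpr %s", name);
    return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
}

/* The hardened form: pass the filename as its own argv element and exec
 * the program directly, so no shell ever parses the name. The "--"
 * separator also keeps names beginning with '-' from being read as
 * options. Returns the child's exit status, or -1 on failure. */
int run_without_shell(const char *prog, const char *name)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, "--", (char *)name, NULL };
        execvp(prog, argv);
        _exit(127);             /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed filename of the kind an attacker could create in a
     * world-writable directory that a wildcard later matches. */
    const char *name = "report.txt; echo injected";
    char cmd[256];

    if (build_shell_command(name, cmd, sizeof cmd) == 0)
        printf("string a shell would parse: %s\n", cmd);
    printf("metacharacters present: %d\n", has_shell_metachar(name));
    /* With execvp the whole name is a single argument to "true". */
    printf("exec without shell, exit status: %d\n",
           run_without_shell("true", name));
    return 0;
}
```

Note what each half shows: `build_shell_command` makes the injection visible as a string, while `run_without_shell` demonstrates that the same name is harmless once it travels as an argv element instead of through a shell. For the mitigation the advisory gives (do not feed untrusted filenames to the product), `has_shell_metachar` is the kind of pre-check a calling script can run before invoking a shell-based tool on names it did not create.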

SOLUTION:
Don't use the product on files with untrusted filenames.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Rudolf Polzer

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
to use those supplied by the vendor.

----------------------------------------------------------------------
