[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251625

 
 

909

 
 

196370

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2001-1593Date: (C)2014-04-11   (M)2023-12-22


The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
DSA-2892
http://seclists.org/oss-sec/2014/q1/253
http://seclists.org/oss-sec/2014/q1/257
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show_bug.cgi?id=1060630

CPE    6
cpe:/a:gnu:a2ps:4.14
cpe:/a:gnu:a2ps:4.13
cpe:/a:gnu:a2ps:4.10.3
cpe:/a:gnu:a2ps:4.10.4
...
CWE    1
CWE-59
OVAL    2
oval:org.secpod.oval:def:601244
oval:org.secpod.oval:def:2100917

© SecPod Technologies