Vulnerability Details CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.074
EPSS Ranking 91.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/35074
- http://securitytracker.com/id?1012965
- http://support.apple.com/kb/HT3549
- http://www.debian.org/security/2005/dsa-654
- http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:033
- http://www.redhat.com/support/errata/RHSA-2005-040.html
- http://www.securityfocus.com/archive/1/419768/100/0/threaded
- http://www.securityfocus.com/archive/1/435199/100/0/threaded
- http://www.securityfocus.com/bid/12329
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19029
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808
- https://usn.ubuntu.com/68-1/
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/35074
- http://securitytracker.com/id?1012965
- http://support.apple.com/kb/HT3549
- http://www.debian.org/security/2005/dsa-654
- http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:033
- http://www.redhat.com/support/errata/RHSA-2005-040.html
- http://www.securityfocus.com/archive/1/419768/100/0/threaded
- http://www.securityfocus.com/archive/1/435199/100/0/threaded
- http://www.securityfocus.com/bid/12329
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19029
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808
- https://usn.ubuntu.com/68-1/
Products affected by CVE-2004-1185
-
cpe:2.3:a:gnu:enscript:1.3.0
-
cpe:2.3:a:gnu:enscript:1.4.0
-
cpe:2.3:a:gnu:enscript:1.5.0
-
cpe:2.3:a:gnu:enscript:1.6.0
-
cpe:2.3:a:gnu:enscript:1.6.1
-
cpe:2.3:a:gnu:enscript:1.6.2
-
cpe:2.3:a:gnu:enscript:1.6.3