FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

a2ps -- insecure temporary file creation

Affected packages
a2ps-a4 < 4.13b_3
a2ps-letter < 4.13b_3
a2ps-letterdj < 4.13b_3

Details

VuXML ID 9168253c-5a6d-11d9-a9e7-0001020eed82
Discovery 2004-12-27
Entry 2004-12-30
Modified 2005-01-19

A Secunia Security Advisory reports that Javier Fernández-Sanguino Peña has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running the vulnerable scripts.

References

Bugtraq ID 12108
Bugtraq ID 12109
CVE Name CVE-2004-1377
URL http://secunia.com/advisories/13641/