FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

a2ps -- insecure command line argument handling

Affected packages
a2ps-a4 < 4.13b_2
a2ps-letter < 4.13b_2
a2ps-letterdj < 4.13b_2

Details

VuXML ID 8091fcea-f35e-11d8-81b0-000347a4fa7d
Discovery 2004-08-18
Entry 2004-10-20
Modified 2004-12-30

Rudolf Polzer reports:

a2ps builds a command line for file() containing an unescaped version of the file name, and thus might call external programs described by the file name. Running a cron job over a publicly writable directory, a2ps-ing all files in it - or simply typing "a2ps *.txt" in /tmp - is therefore dangerous.
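The bug class the report describes, as an added illustration (this is not a2ps code and not part of the VuXML entry): a program that probes each input file by building a shell command string and splicing the file name into it unescaped, beside two hardened forms. To keep the demo self-contained, printf(1) stands in for file(1) here; that substitution is an assumption of the example, and the injection mechanism is unchanged because it lives in the shell's parsing of the command string, not in the probed program. The helper names (`vulnerable_probe`, `safe_probe_argv`, `safe_probe_quoted`, `find_risky_names`) and the sample file names are constructed for this example.

```python
"""
Command injection through a file name (the a2ps/file(1) pattern).

A hostile file name in a world-writable directory, such as /tmp, runs
arbitrary commands when the probing program hands "PROBE <name>" to
/bin/sh.  printf(1) is used as a stand-in for file(1) so the demo runs
anywhere with a POSIX shell; that stand-in is an assumption of the demo.
"""
import shlex
import subprocess
from typing import List

# Stand-in for the `file` invocation a2ps builds (assumption for the demo).
PROBE = "printf '%s\\n'"

# Characters that /bin/sh treats specially; any of them in a file name
# changes the meaning of an unquoted command string.
SHELL_METACHARS = set(";&|$`\\\"'<>()*?[]{}~!# \t\n")


def vulnerable_probe(filename: str) -> List[str]:
    """Build the command as a string and let the shell parse it.

    This is the vulnerable pattern: the file name is interpolated
    unescaped, so `;`, `$(...)`, backticks, etc. are executed.
    """
    cmd = f"{PROBE} {filename}"  # unescaped interpolation
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def safe_probe_argv(filename: str) -> List[str]:
    """Hardened form 1: no shell at all; the name is one argv element.

    execve() receives the bytes of the file name verbatim, so no shell
    parsing ever happens.  For a real file(1) call, add "--" before the
    name so a leading "-" is not parsed as an option.
    """
    argv = ["printf", "%s\n", filename]
    out = subprocess.run(argv, capture_output=True, text=True)
    return out.stdout.splitlines()


def safe_probe_quoted(filename: str) -> List[str]:
    """Hardened form 2: a shell is unavoidable, so quote the name.

    shlex.quote() wraps the name in single quotes and escapes embedded
    single quotes, which the POSIX shell passes through literally.
    """
    cmd = f"{PROBE} {shlex.quote(filename)}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def find_risky_names(names: List[str]) -> List[str]:
    """Return the names that would change meaning inside a shell string.

    Useful as a pre-flight check for a cron job that processes every
    file in a shared directory with a tool that shells out.
    """
    return [n for n in names if any(ch in SHELL_METACHARS for ch in n)]


if __name__ == "__main__":
    # Constructed sample names, as an attacker could create them in /tmp.
    hostile = "a.txt; echo INJECTED"
    subst = "$(echo INJECTED).txt"
    print("vulnerable:", vulnerable_probe(hostile))      # ['a.txt', 'INJECTED']
    print("argv      :", safe_probe_argv(hostile))        # ['a.txt; echo INJECTED']
    print("quoted    :", safe_probe_quoted(hostile))      # ['a.txt; echo INJECTED']
    print("vulnerable:", vulnerable_probe(subst))         # ['INJECTED.txt']
    print("argv      :", safe_probe_argv(subst))          # ['$(echo INJECTED).txt']
    print("risky     :", find_risky_names(["report.txt", hostile, "x y.txt"]))
```

The two hardened forms are not equivalent in robustness: the argv form removes the shell from the path entirely and is the one to prefer; quoting only helps if every interpolation point is quoted, which is exactly the discipline the reported code lacked.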

References

Bugtraq ID 11025
CVE Name CVE-2004-1170
FreeBSD PR ports/70618
Message e5312d6a040824040119840c7c@mail.gmail.com
URL http://www.osvdb.org/9176