Vulnerability Name:

CVE-2004-1170 (CCN-17127)

Assigned:2004-08-26
Published:2004-08-26
Updated:2018-10-19
Summary:a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Aug 24 2004 - 06:01:47 CDT
a2ps executing shell commands from file name

Source: FULLDISC
Type: Exploit, Patch, Vendor Advisory
20040824 a2ps executing shell commands from file name

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/283134

Source: MITRE
Type: CNA
CVE-2004-1170

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2005.003

Source: CCN
Type: SA12375
GNU a2ps Command Injection Vulnerability

Source: SECUNIA
Type: UNKNOWN
12375

Source: CCN
Type: Sun Alert ID: 57649
Security Vulnerability in "a2ps" May Allow A Local Unprivileged User to Execute Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
57649

Source: DEBIAN
Type: DSA-612
a2ps -- unsanitised input

Source: CCN
Type: FreeBSD Application Support Documentation Vendors Search Web page
ports/print/a2ps-letter/

Source: CCN
Type: GLSA-200501-02
a2ps: Multiple vulnerabilities

Source: CCN
Type: GNU a2ps Web page
a2ps - GNU Project - Free Software Foundation (FSF)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:140

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:034

Source: CCN
Type: OpenPKG-SA-2005.003
a2ps

Source: CCN
Type: OSVDB ID: 9176
GNU a2ps File Name Shell Command Execution

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/unixfocus/5MP0N2KDPA.html

Source: FEDORA
Type: UNKNOWN
FLSA:152870

Source: BID
Type: Exploit, Patch, Vendor Advisory
11025

Source: CCN
Type: BID-11025
GNU a2ps File Name Command Execution Vulnerability

Source: CCN
Type: TLSA-2005-8
File name sanitization issue allows arbitrary command execution

Source: XF
Type: UNKNOWN
gnu-a2ps-gain-privileges(17127)

Source: XF
Type: UNKNOWN
gnu-a2ps-gain-privileges(17127)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:a2ps:4.13:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:a2ps:4.13b:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_desktop_system:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_desktop_system:2003:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:a2ps:4.13:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20041170
    V
    		CVE-2004-1170
    2015-11-16
    oval:org.debian:def:612
    V
    		unsanitised input
    2004-12-20
    BACK
    gnu a2ps 4.13
    gnu a2ps 4.13b
    sun java desktop system 2.0
    sun java desktop system 2003
    suse suse linux 8
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    gnu a2ps 4.13
    freebsd freebsd *
    debian debian linux 3.0
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    openpkg openpkg 2.1
    openpkg openpkg 2.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.1
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1