Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-03] enscript: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary enscript: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-03
(enscript: Multiple vulnerabilities)
Erik Sjolund discovered several issues in enscript: it suffers
from several buffer overflows (CVE-2004-1186), quotes and shell escape
characters are insufficiently sanitized in filenames (CVE-2004-1185),
and it supported taking input from an arbitrary command pipe, with
unwanted side effects (CVE-2004-1184).
Impact
An attacker could craft malicious files or input data which, once
fed into enscript, would trigger the execution of arbitrary code
with the rights of the user running enscript.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1186
Solution:
All enscript users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.3-r3"
Threat Level: Medium