First published: Sun Feb 02 2014
Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spy_user(). A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running a2ps.

The original report in the Debian bug tracking system (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385) notes the issue is in src/main.c, lines 559-561:

```c
tempname_ensure (job->tmp_filenames[0]);
spyname = job->tmp_filenames[0];
spy = fopen (spyname, "w");
```

The report also notes there are other calls to tempname_ensure().
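The excerpt above opens a generated name with `fopen(..., "w")`, which follows a symbolic link already present at that path. The block below is an added example of the usual hardened pattern, not a2ps code and not the Debian fix; `open_new_tmp`, `symlink_is_refused` and the `/tmp/tmpdemo...` paths are hypothetical names constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not a2ps code): open a temporary file for writing
 * only if nothing exists at the path yet. With O_CREAT|O_EXCL, open() fails
 * with EEXIST when anything, including a symbolic link, is already there,
 * so a pre-planted link is never followed. Mode 0600 keeps it private. */
FILE *open_new_tmp(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) close(fd);
    return fp;
}

/* Constructed scenario: a symlink already sits at the temp-file name and
 * points at a file holding "keep". Returns 1 if the hardened open refused
 * the path and the target is untouched, 0 otherwise, -1 on setup error. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], lnk[64], buf[8] = "";
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/spy.tmp", dir);
    FILE *t = fopen(target, "w");
    if (t == NULL) return -1;
    fputs("keep", t); fclose(t);
    if (symlink(target, lnk) != 0) return -1;
    FILE *fp = open_new_tmp(lnk);              /* expected to fail */
    int refused = (fp == NULL && errno == EEXIST);
    if (fp) fclose(fp);
    t = fopen(target, "r");                    /* re-read the link target */
    if (t) { fgets(buf, sizeof buf, t); fclose(t); }
    unlink(lnk); unlink(target); rmdir(dir);
    return refused && strcmp(buf, "keep") == 0;
}

int main(void)
{
    printf("pre-planted symlink refused: %d\n", symlink_is_refused());
    return 0;
}
```

Where the file name does not need to be chosen by the caller, `mkstemp()` gives the same exclusive-create guarantee and picks the name itself.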
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU a2ps | =4.12 | |
GNU a2ps | <=4.14 | |
GNU a2ps | =4.13b | |
GNU a2ps | =4.10.3 | |
GNU a2ps | =4.13 | |
GNU a2ps | =4.10.4 | |
debian/a2ps | 1:4.14-7 1:4.14-8 1:4.15.6-1 |