CVE-2004-1377
First published: Mon Dec 27 2004(Updated: )
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU a2ps | =4.13 | |
| GNU a2ps | =4.13b | |
| Turbolinux | ||
| Turbolinux Server | =7.0 | |
| Turbolinux Server | =8.0 | |
| Turbolinux Workstation | =7.0 | |
| Turbolinux Workstation | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml
- http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html
- http://secunia.com/advisories/13641
- http://www.securityfocus.com/bid/12108
- http://www.securityfocus.com/bid/12109
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18672
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18671
Frequently Asked Questions
What is the severity of CVE-2004-1377?
CVE-2004-1377 has been classified as a high-severity vulnerability due to its ability to allow local users to overwrite arbitrary files.
How do I fix CVE-2004-1377?
To fix CVE-2004-1377, upgrade to a2ps version 4.13 or later which addresses the symlink vulnerability.
Who is affected by CVE-2004-1377?
CVE-2004-1377 affects users of a2ps versions prior to 4.13, including specific versions of Turbolinux.
What is a symlink attack in the context of CVE-2004-1377?
A symlink attack in CVE-2004-1377 allows local users to create symbolic links to overwrite files that the vulnerable scripts attempt to write.
Are there any workarounds for CVE-2004-1377?
While the best solution is upgrading, a temporary workaround could include removing or disabling the use of vulnerable scripts during the risk period.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/gnu
- canonical/gnu a2ps
- version/gnu a2ps/4.13
- version/gnu a2ps/4.13b
- vendor/turbolinux
- canonical/turbolinux
- canonical/turbolinux server
- version/turbolinux server/7.0
- version/turbolinux server/8.0
- canonical/turbolinux workstation
- version/turbolinux workstation/7.0
- version/turbolinux workstation/8.0