Ubuntu 4.10 : enscript vulnerabilities (USN-68-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Erik Sj�d discovered several vulnerabilities in enscript which could
cause arbitrary code execution with the privileges of the user calling
enscript.

Quotes and other shell escape characters in titles and file names were
not handled in previous versions. (CAN-2004-1184)

Previous versions supported reading EPS data not only from a file, but
also from an arbitrary command pipe. Since checking for unwanted side
effects is infeasible, this feature has been disabled after
consultation with the authors of enscript. (CAN-2004-1185)

Finally, this update fixes two buffer overflows which were triggered
by certain input files. (CAN-2004-1186)

These issues can lead to privilege escalation if enscript is called
automatically from web server applications like viewcvs.

Solution :

Update the affected enscript package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20688 ()

Bugtraq ID:

CVE ID: CVE-2004-1184
CVE-2004-1185
CVE-2004-1186