CVE-2004-1184MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
References
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://securitytracker.com/id?1012965
http://support.apple.com/kb/HT3549
http://www.debian.org/security/2005/dsa-654
http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:033
http://www.redhat.com/support/errata/RHSA-2005-040.html
http://www.securityfocus.com/archive/1/419768/100/0/threaded
http://www.securityfocus.com/archive/1/435199/100/0/threaded
http://www.securityfocus.com/bid/12329
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/19012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658
Details
Source: MITRE
Published: 2005-01-21
Updated: 2018-10-19
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:gnu:enscript:1.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:enscript:1.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:enscript:1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:enscript:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:enscript:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:enscript:1.6.3:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 41347 | SuSE9 Security Update : enscript (YOU Patch Number 9867) | Nessus | SuSE Local Security Checks | high |
| 38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 38743 | Mac OS X Multiple Vulnerabilities (Security Update 2009-002) | Nessus | MacOS X Local Security Checks | critical |
| 20688 | Ubuntu 4.10 : enscript vulnerabilities (USN-68-1) | Nessus | Ubuntu Local Security Checks | high |
| 18981 | FreeBSD : enscript -- multiple vulnerabilities (72da8af6-7c75-11d9-8cc5-000854d03344) | Nessus | FreeBSD Local Security Checks | high |
| 17172 | RHEL 4 : enscript (RHSA-2005:040) | Nessus | Red Hat Local Security Checks | high |
| 16440 | GLSA-200502-03 : enscript: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 16376 | Mandrake Linux Security Advisory : enscript (MDKSA-2005:033) | Nessus | Mandriva Local Security Checks | high |
| 16296 | RHEL 2.1 / 3 : enscript (RHSA-2005:039) | Nessus | Red Hat Local Security Checks | high |
| 16268 | Fedora Core 3 : enscript-1.6.1-28.0.2 (2005-016) | Nessus | Fedora Local Security Checks | high |
| 16267 | Fedora Core 2 : enscript-1.6.1-25.2 (2005-015) | Nessus | Fedora Local Security Checks | high |
| 16238 | Debian DSA-654-1 : enscript - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |