Mandrake Linux Security Advisory : a2ps (MDKSA-2004:140)

Critical Nessus Plugin ID 15838


The remote Mandrake Linux host is missing one or more security updates.


The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application.

The updated packages have been patched to prevent this problem.


Update the affected a2ps, a2ps-devel and/or a2ps-static-devel packages.

Plugin Details

Severity: Critical

ID: 15838

File Name: mandrake_MDKSA-2004-140.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/11/27

Modified: 2014/04/15

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:a2ps, p-cpe:/a:mandriva:linux:a2ps-devel, p-cpe:/a:mandriva:linux:a2ps-static-devel, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/11/25

Reference Information

CVE: CVE-2004-1170

BID: 11025

MDKSA: 2004:140