New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.5
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS file into a document was found. An attacker could create a carefully crafted ASCII file which would make used of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript (CVE-2004-1184).
Additionally, flaws were found in enscript that could be abused by executing enscript with carefully crafted command-line arguments.
These flaws only have a security impact if enscript is executed by other programs and passed untrusted data from remote users (CVE-2004-1185 and CVE-2004-1186).
The updated packages have been patched to prevent these problems.
Solution
Update the affected enscript package.