Mandrake Linux Security Advisory : enscript (MDKSA-2005:033)

High Nessus Plugin ID 16376

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.5

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS file into a document was found. An attacker could create a carefully crafted ASCII file which would make used of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript (CVE-2004-1184).

Additionally, flaws were found in enscript that could be abused by executing enscript with carefully crafted command-line arguments.
These flaws only have a security impact if enscript is executed by other programs and passed untrusted data from remote users (CVE-2004-1185 and CVE-2004-1186).

The updated packages have been patched to prevent these problems.

Solution

Update the affected enscript package.

Plugin Details

Severity: High

ID: 16376

File Name: mandrake_MDKSA-2005-033.nasl

Version: 1.18

Type: local

Published: 2005/02/11

Updated: 2021/01/06

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.5

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:enscript, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/02/10

Reference Information

CVE: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186

MDKSA: 2005:033