Mandrake Linux Security Advisory : enscript (MDKSA-2005:033)
high Nessus Plugin ID 16376
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 5.5
Synopsis
The remote Mandrake Linux host is missing a security update.Description
A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS file into a document was found. An attacker could create a carefully crafted ASCII file which would make used of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript (CVE-2004-1184).Additionally, flaws were found in enscript that could be abused by executing enscript with carefully crafted command-line arguments.
These flaws only have a security impact if enscript is executed by other programs and passed untrusted data from remote users (CVE-2004-1185 and CVE-2004-1186).
The updated packages have been patched to prevent these problems.
Solution
Update the affected enscript package.Plugin Details
Severity: High
ID: 16376
File Name: mandrake_MDKSA-2005-033.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 2/11/2005
Updated: 1/6/2021
Dependencies: ssh_get_info.nasl
Risk Information
Risk Factor: High
VPR Score: 5.5
CVSS v2.0
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:enscript, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 2/10/2005
Reference Information
MDKSA: 2005:033