FreeBSD : a2ps -- insecure command line argument handling (8091fcea-f35e-11d8-81b0-000347a4fa7d)
Critical Nessus Plugin ID 37951
The remote FreeBSD host is missing one or more security-related updates.
Rudolf Polzer reports: a2ps builds a command line for file() containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing 'a2ps *.txt' in /tmp - is therefore dangerous.
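The flaw class described above, shown as an added example (not a2ps source code and not part of the advisory): a file name pasted verbatim into a shell command line, beside a version that quotes it as one literal word. The "file -- " command prefix, the function names and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Wrap `in` in single quotes for POSIX sh; an embedded ' becomes '\''.
 * Returns 0 on success, -1 if `out` is too small (the caller must then
 * refuse to run anything rather than use a truncated command). */
int sh_quote(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3) return -1;                  /* room for '' and NUL */
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > outsz) return -1;   /* +2: closing quote, NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Unsafe pattern: the name is pasted in verbatim, so sh interprets
 * metacharacters such as ; $ ` | found in the file name. */
int build_unsafe(const char *name, char *cmd, size_t sz)
{
    int n = snprintf(cmd, sz, "file -- %s", name);
    return (n < 0 || (size_t)n >= sz) ? -1 : 0;
}

/* Hardened pattern: the name reaches sh as a single literal word. */
int build_quoted(const char *name, char *cmd, size_t sz)
{
    char q[1024];
    if (sh_quote(name, q, sizeof q) != 0) return -1;
    int n = snprintf(cmd, sz, "file -- %s", q);
    return (n < 0 || (size_t)n >= sz) ? -1 : 0;
}

int main(void)
{
    const char *name = "notes;echo INJECTED;.txt";  /* constructed sample */
    char cmd[2048];
    if (build_unsafe(name, cmd, sizeof cmd) == 0) printf("unsafe: %s\n", cmd);
    if (build_quoted(name, cmd, sizeof cmd) == 0) printf("quoted: %s\n", cmd);
    return 0;
}
```

Quoting keeps the shell from interpreting the name; passing the name as a separate argv element to execvp() avoids the shell altogether and removes the need for quoting.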