FreeBSD : a2ps -- insecure command line argument handling (8091fcea-f35e-11d8-81b0-000347a4fa7d)

Critical Nessus Plugin ID 37951


The remote FreeBSD host is missing one or more security-related updates.


Rudolf Polzer reports :

a2ps builds a command line for file() containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing 'a2ps *.txt' in /tmp - is therefore dangerous.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 37951

File Name: freebsd_pkg_8091fceaf35e11d881b0000347a4fa7d.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2009/04/23

Modified: 2014/09/18

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:a2ps-a4, p-cpe:/a:freebsd:freebsd:a2ps-letter, p-cpe:/a:freebsd:freebsd:a2ps-letterdj, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/10/20

Vulnerability Publication Date: 2004/08/18

Reference Information

CVE: CVE-2004-1170

BID: 11025

OSVDB: 9176