CVE Vulnerabilities

CVE-2004-1185

Published: Jan 21, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

Affected Software

Name Vendor Start Version End Version
Enscript Gnu 1.3.0 (including) 1.3.0 (including)
Enscript Gnu 1.4.0 (including) 1.4.0 (including)
Enscript Gnu 1.5.0 (including) 1.5.0 (including)
Enscript Gnu 1.6.0 (including) 1.6.0 (including)
Enscript Gnu 1.6.1 (including) 1.6.1 (including)
Enscript Gnu 1.6.2 (including) 1.6.2 (including)
Enscript Gnu 1.6.3 (including) 1.6.3 (including)
Enscript Ubuntu dapper *
Enscript Ubuntu devel *
Enscript Ubuntu edgy *
Enscript Ubuntu feisty *
Red Hat Enterprise Linux 3 RedHat enscript-0:1.6.1-24.4 *
Red Hat Enterprise Linux 4 RedHat enscript-0:1.6.1-28.3 *

References