CVE-2004-1184

Severity

46%

Complexity

39%

Confidentiality

106%

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 20 years ago

2005-01-21 05:00:00

Last updated 6 years ago

2018-10-19 15:30:00

Affected Software

GNU Enscript 1.4

1.4

GNU Enscript 1.5

1.5

GNU Enscript 1.6

1.6

GNU Enscript 1.6.1

1.6.1

GNU Enscript 1.6.2

1.6.2

GNU Enscript 1.6.3

1.6.3

GNU Enscript 1.6.4

1.6.4

SGI ProPack 3.0

3.0

SuSE SuSE Linux 1.0

1.0

SuSE SuSE Linux 4.2

4.2

SuSE SuSE Linux 4.3

4.3

SuSE SuSE Linux 4.4

4.4

SuSE SuSE Linux 4.4.1

4.4.1

SuSE SuSE Linux 5.0

5.0

SuSE SuSE Linux 5.1

5.1

SuSE SuSE Linux 5.2

5.2

SuSE SuSE Linux 5.3

5.3

SuSE SuSE Linux 6.0

6.0

SuSE SuSE Linux 6.1

6.1

SuSE SuSE Linux 6.1 alpha

6.1

SuSE SuSE Linux 6.2

6.2

SuSE SuSE Linux 6.3

6.3

SuSE SuSE Linux 6.3 alpha

6.3

SuSE SuSE Linux 6.4

6.4

SuSE SuSE Linux 6.4 alpha

6.4

SuSE SuSE Linux 7.0

7.0

SuSE SuSE Linux 7.0 alpha

7.0

SuSE SuSE Linux 7.1

7.1

SuSE SuSE Linux 7.1 alpha

7.1

SuSE SuSE Linux 7.2

7.2

SuSE SuSE Linux 7.3

7.3

SuSE SuSE Linux 8.0

8.0

SuSE SuSE Linux 8.1

8.1

SuSE SuSE Linux 8.2

8.2

SuSE SuSE Linux 9.0

9.0

SuSE SuSE Linux 9.1

9.1

SuSE SuSE Linux 9.2

9.2

References

APPLE-SA-2009-05-12

35074

1012965

http://support.apple.com/kb/HT3549

DSA-654

Patch, Vendor Advisory

GLSA-200502-03

Patch, Vendor Advisory

MDKSA-2005:033

RHSA-2005:040

Patch, Vendor Advisory

FLSA:152892

20060526 rPSA-2006-0083-1 enscript

12329

TA09-133A

US Government Resource

ADV-2009-1297

enscript-epsf-command-ececution(19012)

oval:org.mitre.oval:def:9658

USN-68-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.