#1799: Enscript security fixes
--------------------------------------------+-------------------------------
Reporter: [EMAIL PROTECTED] | Owner: [EMAIL PROTECTED]
Type: defect | Status: new
Priority: highest | Milestone: 6.2
Component: BOOK | Version: a-SVN
Severity: blocker | Resolution:
Keywords: Enscript |
--------------------------------------------+-------------------------------
Changes (by [EMAIL PROTECTED]):
* keywords: => Enscript
* milestone: future => 6.2
* owner: [email protected] => [EMAIL PROTECTED]
* priority: high => highest
* severity: normal => blocker
Old description:
> Unpatched Enscript is vulnerable to:
>
> CAN-2004-1184: Enscript does not sanitize filenames, which allows remote
> attackers or local users to execute arbitrary commands via crafted
> filenames.
>
> CAN-2004-1185: The EPSF pipe support in Enscript allows remote attackers
> or local users to execute arbitrary commands via shell metacharacters.
>
> CAN-2004-1186: Multiple buffer overflows in Enscript allow remote
> attackers or local users to cause a denial of service (application crash).
>
> Here "remote attackers" = people who feed untrusted data to Enscript
> exposed via a web form or a similar mechanism.
New description:
Unpatched Enscript is vulnerable to:

CAN-2004-1184: Enscript does not sanitize filenames, which allows remote
attackers or local users to execute arbitrary commands via crafted
filenames.

CAN-2004-1185: The EPSF pipe support in Enscript allows remote attackers
or local users to execute arbitrary commands via shell metacharacters.

CAN-2004-1186: Multiple buffer overflows in Enscript allow remote
attackers or local users to cause a denial of service (application crash).

Here "remote attackers" = people who feed untrusted data to Enscript
exposed via a web form or a similar mechanism.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/1799>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch