CVE-2004-1184

Description

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

Affected products

• gnu / enscript1.6.2 – 1.6.2
• gnu / enscript1.6.3 – 1.6.3
• gnu / enscript1.6.4 – 1.6.4
• gnu / enscript1.6 – 1.6
• gnu / enscript1.6.1 – 1.6.1
• gnu / enscript1.4 – 1.4
• gnu / enscript1.5 – 1.5
• RedHat / fedora_corecore_2.0 – core_2.0
• RedHat / fedora_corecore_3.0 – core_3.0
• sgi / propack3.0 – 3.0
• SUSE / suse_linux5.1 – 5.1
• SUSE / suse_linux5.2 – 5.2
• SUSE / suse_linux5.3 – 5.3
• SUSE / suse_linux6.0 – 6.0
• SUSE / suse_linux6.1 – 6.1
• SUSE / suse_linux6.1 – 6.1
• SUSE / suse_linux6.2 – 6.2
• SUSE / suse_linux6.3 – 6.3
• SUSE / suse_linux6.3 – 6.3
• SUSE / suse_linux6.3 – 6.3
• SUSE / suse_linux6.4 – 6.4
• SUSE / suse_linux6.4 – 6.4
• SUSE / suse_linux6.4 – 6.4
• SUSE / suse_linux6.4 – 6.4
• SUSE / suse_linux7.0 – 7.0
• SUSE / suse_linux7.0 – 7.0
• SUSE / suse_linux7.0 – 7.0
• SUSE / suse_linux7.0 – 7.0
• SUSE / suse_linux7.0 – 7.0
• SUSE / suse_linux7.1 – 7.1
• SUSE / suse_linux7.1 – 7.1
• SUSE / suse_linux7.1 – 7.1
• SUSE / suse_linux7.1 – 7.1
• SUSE / suse_linux7.1 – 7.1
• SUSE / suse_linux7.2 – 7.2
• SUSE / suse_linux7.2 – 7.2
• SUSE / suse_linux7.3 – 7.3
• SUSE / suse_linux7.3 – 7.3
• SUSE / suse_linux7.3 – 7.3
• SUSE / suse_linux7.3 – 7.3
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.1 – 8.1
• SUSE / suse_linux8.2 – 8.2
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.1 – 9.1
• SUSE / suse_linux9.1 – 9.1
• SUSE / suse_linux9.2 – 9.2
• SUSE / suse_linux9.2 – 9.2
• SUSE / suse_linux1.0 – 1.0
• SUSE / suse_linux2.0 – 2.0
• SUSE / suse_linux3.0 – 3.0
• SUSE / suse_linux4.0 – 4.0
• SUSE / suse_linux4.2 – 4.2
• SUSE / suse_linux4.3 – 4.3
• SUSE / suse_linux4.4 – 4.4
• SUSE / suse_linux4.4.1 – 4.4.1
• SUSE / suse_linux5.0 – 5.0

References

• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658
• MISChttp://www.securityfocus.com/archive/1/419768/100/0/threaded
• MISChttp://www.securityfocus.com/bid/12329
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT3549
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:033
• VENDOR_ADVISORYhttps://usn.ubuntu.com/68-1/
• MISChttp://securitytracker.com/id?1012965
• VENDOR_ADVISORYhttp://secunia.com/advisories/35074
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-654
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• MISChttp://www.securityfocus.com/archive/1/435199/100/0/threaded
• MISChttp://www.us-cert.gov/cas/techalerts/TA09-133A.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1297
• MISChttp://www.redhat.com/support/errata/RHSA-2005-040.html
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200502-03.xml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/19012