CVE-2001-1593

CWE-59 CWE-377 CWE-3678 documents7 sources

Severity

2.1LOW

EPSS

0.1%

top 81.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU A2ps

Timeline

PublishedApr 5

Latest updateApr 30

Description

The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Debiana2ps< 1:4.14-1.2+3

▶Ubuntua2ps< 1:4.14-1.2

▶NVDgnu/a2ps4.14+5

🔴Vulnerability Details

GHSA

GHSA-q93q-4mxv-67mp: The tempname_ensure function in lib/routines↗2022-04-30

▶

OSV

CVE-2001-1593: The tempname_ensure function in lib/routines↗2014-04-05

▶

CVEList

CVE-2001-1593: The tempname_ensure function in lib/routines↗2014-04-05

▶

OSV

CVE-2001-1593: Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spy_user()↗2014-04-05

▶

📋Vendor Advisories

Red Hat

a2ps: insecure temporary file use↗2001-01-05

▶

Debian

CVE-2001-1593: a2ps - The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used...↗2001

▶

💬Community

Bugzilla

CVE-2001-1593 a2ps: insecure temporary file use↗2014-02-03

▶