Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1170

8 documents8 sources

Severity

10.0CRITICAL

EPSS

15.6%

top 5.31%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU A2ps SUN Java Desktop System Suse Suse Linux

Timeline

PublishedJan 10

Latest updateApr 29

Description

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶Debiana2ps< 1:4.13b-4.2+3

▶NVDgnu/a2ps4.13, 4.13b+1

▶NVDsuse/suse_linux5 versions+4

▶NVDsun/java_desktop_system2.0, 2003+1

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-6hxv-9334-gpvg: a2ps 4↗2022-04-29

▶

OSV

CVE-2004-1170: a2ps 4↗2005-01-10

▶

CVEList

CVE-2004-1170: a2ps 4↗2004-12-10

▶

💥Exploits & PoCs

Exploit-DB

GNU a2ps 4.13 - File Name Command Execution↗2004-08-24

▶

📋Vendor Advisories

Debian

CVE-2004-1170: a2ps - a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metach...↗2004

▶

Red Hat

CVE-2004-1170: a2ps 4↗

▶