CVE-2004-1184

9 documents9 sources
Severity
4.6MEDIUM
EPSS
0.9%
top 23.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GNU EnscriptRedhat Fedora CoreSGI Propack+1 more
Timeline
PublishedJan 21
Latest updateApr 29

Description

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages5 packages

Debianenscript< 1.6.4-6+3
NVDgnu/enscript7 versions+6
NVDsgi/propack3.0
NVDsuse/suse_linux27 versions+26
NVDredhat/fedora_corecore_2.0, core_3.0+1

Patches

Patch: www.debian.orgPatch: www.gentoo.orgPatch: www.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-m3q3-jjv2-53w5: The EPSF pipe support in enscript 12022-04-29
CVEList
CVE-2004-1184: The EPSF pipe support in enscript 12005-01-29
OSV
CVE-2004-1184: The EPSF pipe support in enscript 12005-01-21

💥Exploits & PoCs

1
Exploit-DB
Multiple Vendor - TCP Session Acknowledgement Number Denial of Service2004-12-13

📋Vendor Advisories

3
Ubuntu
enscript vulnerabilities2005-01-24
Red Hat
security flaw2005-01-20
Debian
CVE-2004-1184: enscript - The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users t...2004

💬Community

1
Bugzilla
CVE-2004-1184 security flaw2018-08-16