CVE-2004-1377

6 documents6 sources
Severity
2.1LOW
EPSS
0.1%
top 78.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU A2psTurbolinux Turbolinux ServerTurbolinux Turbolinux Workstation
Timeline
PublishedDec 27
Latest updateApr 29

Description

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

Debiana2ps< 1:4.13b-4.3+3
NVDgnu/a2ps4.13, 4.13b+1

Patches

Patch: www.gentoo.orgPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-gjhg-g59h-c3r3: The (1) fixps (aka fixps2022-04-29
CVEList
CVE-2004-1377: The (1) fixps (aka fixps2005-01-19
OSV
CVE-2004-1377: The (1) fixps (aka fixps2004-12-27

📋Vendor Advisories

2
Debian
CVE-2004-1377: a2ps - The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps ...2004
Red Hat
CVE-2004-1377: The (1) fixps (aka fixps