[Bug 1799] New: Enscript security fixes

blfs-bugs at linuxfromscratch.org blfs-bugs at linuxfromscratch.org
Fri Feb 3 03:24:12 PST 2006


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1799

           Summary: Enscript security fixes
           Product: Beyond LinuxFromScratch
           Version: a-SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: alexander at linuxfromscratch.org
         QAContact: blfs-book at linuxfromscratch.org


Unpatched Enscript is vulnerable to:

CAN-2004-1184: Enscript does not sanitize filenames, which allows remote
attackers or local users to execute arbitrary commands via crafted filenames.

CAN-2004-1185: The EPSF pipe support in Enscript allows remote attackers or
local users to execute arbitrary commands via shell metacharacters.

CAN-2004-1186: Multiple buffer overflows in Enscript allow remote attackers or
local users to cause a denial of service (application crash).

Here "remote attackers" = people who feed untrusted data to Enscript exposed via
a web form or a similar mechanism.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the QA contact for the bug, or are watching the QA contact.



More information about the blfs-book mailing list