GNU a2ps File Name Command Execution Vulnerability

Bugtraq ID:	11025
Class:	Input Validation Error
CVE:	CVE-2004-1170
Remote:	No
Local:	Yes
Published:	Aug 24 2004 12:00AM
Updated:	May 08 2006 09:09PM
Credit:	Discovery of this issue is credited to Rudolf Polzer <divzero@gmail.com>.
Vulnerable:	Sun Java Desktop System (JDS) 2.0 Sun Java Desktop System (JDS) 2003 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux 8.1 RedHat Linux 9.0 i386 RedHat Linux 7.3 i686 RedHat Linux 7.3 i386 RedHat Linux 7.3 RedHat Fedora Core1 GNU a2ps 4.13 b + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + OpenPKG OpenPKG 2.2 + OpenPKG OpenPKG 2.1 + OpenPKG OpenPKG Current GNU a2ps 4.13 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 10.0 Gentoo Linux

Not Vulnerable: