CVE-2004-1184

Current Description

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

Basic Data

Published: January 21, 2005
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.6
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
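    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Gnu | Enscript | 1.4 | * | * | * | * | * | * | *
    2.3 | Application | Gnu | Enscript | 1.5 | * | * | * | * | * | * | *
    2.3 | Application | Gnu | Enscript | 1.6 | * | * | * | * | * | * | *
    2.3 | Application | Gnu | Enscript | 1.6.1 | * | * | * | * | * | * | *
    2.3 | Application | Gnu | Enscript | 1.6.2 | * | * | * | * | * | * | *
    2.3 | Application | Gnu | Enscript | 1.6.3 | * | * | * | * | * | * | *
    2.3 | Application | Gnu | Enscript | 1.6.4 | * | * | * | * | * | * | *
    2.3 | Application | Sgi | Propack | 3.0 | * | * | * | * | * | * | *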
  • OR - Configuration 2
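    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Redhat | Fedora Core | core_2.0 | * | * | * | * | * | * | *
    2.3 | OS | Redhat | Fedora Core | core_3.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 1.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 2.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 3.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 4.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 4.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 4.3 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 4.4 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 4.4.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 5.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 5.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 5.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 5.3 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.1 | alpha | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.3 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.3 | * | ppc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.3 | alpha | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.4 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.4 | * | i386 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.4 | * | ppc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 6.4 | alpha | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.0 | * | i386 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.0 | * | ppc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.0 | * | sparc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.0 | alpha | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.1 | * | spa | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.1 | * | sparc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.1 | * | x86 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.1 | alpha | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.2 | * | i386 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.3 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.3 | * | i386 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.3 | * | ppc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 7.3 | * | sparc | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.0 | * | i386 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.1 | * | x86_64 | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.2 | * | * | * | * | * | * | *
    2.3 | OS | Suse | Suse Linux | 9.2 | * | x86_64 | * | * | * | * | *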

Vulnerable Software List

Vendor | Product | Versions
Redhat | Fedora Core | core_2.0, core_3.0
Sgi | Propack | 3.0
Gnu | Enscript | 1.4, 1.5, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4
Suse | Suse Linux | 1.0, 2.0, 3.0, 4.0, 4.2, 4.3, 4.4, 4.4.1, 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1, 7.2, 7.3, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2

References

Name | Source | URL | Tags
APPLE-SA-2009-05-12 | APPLE | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html |
35074 | SECUNIA | http://secunia.com/advisories/35074 |
1012965 | SECTRACK | http://securitytracker.com/id?1012965 |
http://support.apple.com/kb/HT3549 | CONFIRM | http://support.apple.com/kb/HT3549 |
DSA-654 | DEBIAN | http://www.debian.org/security/2005/dsa-654 | Patch, Vendor Advisory
GLSA-200502-03 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml | Patch, Vendor Advisory
MDKSA-2005:033 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2005:033 |
RHSA-2005:040 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-040.html | Patch, Vendor Advisory
FLSA:152892 | FEDORA | http://www.securityfocus.com/archive/1/419768/100/0/threaded |
20060526 rPSA-2006-0083-1 enscript | BUGTRAQ | http://www.securityfocus.com/archive/1/435199/100/0/threaded |
12329 | BID | http://www.securityfocus.com/bid/12329 |
TA09-133A | CERT | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource
ADV-2009-1297 | VUPEN | http://www.vupen.com/english/advisories/2009/1297 |
enscript-epsf-command-ececution(19012) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/19012 |
oval:org.mitre.oval:def:9658 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658 |
USN-68-1 | UBUNTU | https://usn.ubuntu.com/68-1/ |