Test ID:	1.3.6.1.4.1.25623.1.0.50504
Category:	Ubuntu Local Security Checks
Title:	Ubuntu 4.10 USN-68-1 (enscript)
Summary:	Ubuntu 4.10 USN-68-1 (enscript)
Description:	The remote host is missing an update to enscript announced via advisory USN-68-1. Erik Sjoelund discovered several vulnerabilities in enscript which could cause arbitrary code execution with the privileges of the user calling enscript. Quotes and other shell escape characters in titles and file names were not handled in previous versions. (CVE-2004-1184) Previous versions supported reading EPS data not only from a file, but also from an arbitrary command pipe. Since checking for unwanted side effects is infeasible, this feature has been disabled after consultation with the authors of enscript. (CVE-2004-1185) Finally, this update fixes two buffer overflows which were triggered by certain input files. (CVE-2004-1186) These issues can lead to privilege escalation if enscript is called automatically from web server applications like viewcvs. The following packages are affected: enscript Solution: The problem can be corrected by upgrading the affected package to version 1.6.4-4ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2005-January/000070.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1184 Bugtraq: 20060526 rPSA-2006-0083-1 enscript (Google Search) http://www.securityfocus.com/archive/1/archive/1/435199/100/0/threaded http://lists.apple.com/archives/security-announce/2009/May/msg00002.html Debian Security Information: DSA-654 (Google Search) http://www.debian.org/security/2005/dsa-654 http://www.securityfocus.com/archive/1/archive/1/419768/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:033 http://www.redhat.com/support/errata/RHSA-2005-040.html http://www.ubuntulinux.org/support/documentation/usn/usn-68-1 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html BugTraq ID: 12329 http://www.securityfocus.com/bid/12329 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9658 http://securitytracker.com/id?1012965 http://secunia.com/advisories/35074 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: enscript-epsf-command-ececution(19012) http://xforce.iss.net/xforce/xfdb/19012 Common Vulnerability Exposure (CVE) ID: CVE-2004-1185 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10808 XForce ISS Database: enscript-filename-command-execution(19029) http://xforce.iss.net/xforce/xfdb/19029 Common Vulnerability Exposure (CVE) ID: CVE-2004-1186 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11134 XForce ISS Database: enscript-multiple-bo(19033) http://xforce.iss.net/xforce/xfdb/19033
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: