Description
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
References (7)
Core References
Issue Tracking (x_refsource_confirm): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
Various Sources (x_refsource_confirm): http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1060630
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2014/q1/253
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2014/q1/257
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2014/dsa-2892
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2014/q1/237
Scores
EPSS: 0.0006
EPSS Percentile: 18.3%
Details
CWE: CWE-59
Status: published
Products (6)
gnu/a2ps 4.10.3
gnu/a2ps 4.10.4
gnu/a2ps 4.12
gnu/a2ps 4.13
gnu/a2ps 4.13b
gnu/a2ps < 4.14
Published: Apr 05, 2014
Tracked Since: Feb 18, 2026