CVE-2004-1170

a2ps 4.13 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1170. PoCs published by Rudolf Polzer.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in GNU a2ps due to improper sanitization of filenames. By creating a file with a crafted name containing shell commands, an attacker can execute arbitrary commands when a2ps processes the file.

Description

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rudolf Polzer · textlocallinux

https://www.exploit-db.com/exploits/24406

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in GNU a2ps due to improper sanitization of filenames. By creating a file with a crafted name containing shell commands, an attacker can execute arbitrary commands when a2ps processes the file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: GNU a2ps version 4.13 (likely other versions as well)

No auth needed

Prerequisites: ability to create files in a directory processed by a2ps

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Issue Tracking x_refsource_confirm

http://bugs.debian.org/283134

Exploit, Patch, Vendor Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html

Mailing List vendor-advisory x_refsource_openpkg

http://marc.info/?l=bugtraq&m=110598355226660&w=2

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html

Various Sources x_refsource_misc

http://www.securiteam.com/unixfocus/5MP0N2KDPA.html

Third Party Advisory, VDB Entry vendor-advisory x_refsource_fedora

http://www.securityfocus.com/archive/1/419765/100/0/threaded

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57649-1&searchclause=

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/12375

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17127

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2004:140

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11025

Scores

EPSS 0.1559

EPSS Percentile 94.8%

Details

Status published

Products (9)

gnu/a2ps 4.13

gnu/a2ps 4.13b

sun/java_desktop_system 2.0

sun/java_desktop_system 2003

suse/suse_linux 8

suse/suse_linux 8.1

suse/suse_linux 8.2

suse/suse_linux 9.0 (3 CPE variants)

suse/suse_linux 9.1

Published Jan 10, 2005

Tracked Since Feb 18, 2026