Description
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
References (7)
Core 7
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12108
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200501-02.xml
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12109
Various Sources x_refsource_confirm
http://www.vuxml.org/freebsd/9168253c-5a6d-11d9-a9e7-0001020eed82.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18671
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18672
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13641
Scores
EPSS
0.0007
EPSS Percentile
21.8%
Details
Status
published
Products (7)
gnu/a2ps
4.13
gnu/a2ps
4.13b
turbolinux/turbolinux_home
turbolinux/turbolinux_server
7.0
turbolinux/turbolinux_server
8.0
turbolinux/turbolinux_workstation
7.0
turbolinux/turbolinux_workstation
8.0
Published
Dec 27, 2004
Tracked Since
Feb 18, 2026