VULHUB ™

Multiple vulnerabilities are reported in GNU enscript. The first issues are due to insufficient sanitization of user-supplied input data, leading to the possibility of arbitrary command execution. Multiple unspecified buffer-overflow vulnerabilities are also reported. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers. These issues are all locally exploitable, since enscript doesn't contain any network support. However, when enscript is combined with network-based applications such as 'viewcvs' and possibly others, these issues could likely be remotely exploited. The enscript utility is not installed with setuid privileges, but it may be used as a part of print-spooler systems. By exploiting these issues, attackers may be able to execute arbitrary commands or machine code in the context of the affected system that is using the affected utility. Other attacks are also possible,...

Multiple vulnerabilities are reported in GNU enscript. The first issues are due to insufficient sanitization of user-supplied input data, leading to the possibility of arbitrary command execution. Multiple unspecified buffer-overflow vulnerabilities are also reported. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers. These issues are all locally exploitable, since enscript doesn't contain any network support. However, when enscript is combined with network-based applications such as 'viewcvs' and possibly others, these issues could likely be remotely exploited. The enscript utility is not installed with setuid privileges, but it may be used as a part of print-spooler systems. By exploiting these issues, attackers may be able to execute arbitrary commands or machine code in the context of the affected system that is using the affected utility. Other attacks are also possible, depending on how the utility is used.