Vulnerability Description
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | A2Ps | <= 4.14 |
Related Weaknesses (CWE)
References
- http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
- http://seclists.org/oss-sec/2014/q1/237
- http://seclists.org/oss-sec/2014/q1/253
- http://seclists.org/oss-sec/2014/q1/257
- http://www.debian.org/security/2014/dsa-2892
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
- https://bugzilla.redhat.com/show_bug.cgi?id=1060630
- http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
- http://seclists.org/oss-sec/2014/q1/237
- http://seclists.org/oss-sec/2014/q1/253
- http://seclists.org/oss-sec/2014/q1/257
- http://www.debian.org/security/2014/dsa-2892
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
- https://bugzilla.redhat.com/show_bug.cgi?id=1060630
FAQ
What is CVE-2001-1593?
CVE-2001-1593 is a vulnerability with a CVSS score of 2.1 (LOW). The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attac...
How severe is CVE-2001-1593?
CVE-2001-1593 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1593?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu A2Ps.