Note: This is an archival copy of Security Sun Alert 201182 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000893.1.
Date of Resolved Release
Insufficient validation of shell characters in "a2ps" causes a filename vulnerability that may allow a local unprivileged user to execute arbitrary code.
Note: The "Any to PostScript" filter (a2ps.1) formats files for printing to a PostScript printer.
A description of this issue can be found at http://www.securiteam.com/unixfocus/5MP0N2KDPA.html.
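The following is an added example, not part of the Sun Alert and not code from a2ps: it screens filenames against a conservative allowlist before they are handed to a print filter, for systems where files named by other users are printed. The function names and the A2PS_CMD variable are assumptions of this example, and the allowlist is deliberately stricter than necessary because the advisory does not list which characters a2ps mishandles.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert. Screens filenames with a
# conservative allowlist before they reach a print filter such as a2ps.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges byte-exact

# Return 0 only if the name is non-empty, does not start with "-" (so it
# cannot be read as an option) and holds only allowlisted characters.
is_safe_filename() {
    case "$1" in
        '' | -*)              return 1 ;;
        *[!A-Za-z0-9._/+-]*)  return 1 ;;   # spaces, quotes, shell metacharacters
        *)                    return 0 ;;
    esac
}

# Print how many of the given names fail the screen.
count_unsafe() {
    n=0
    for f in "$@"; do
        is_safe_filename "$f" || n=$((n + 1))
    done
    echo "$n"
}

# Hypothetical wrapper: run the filter only if every name passes.
# A2PS_CMD is an assumption of this example so the filter can be stubbed.
print_screened() {
    for f in "$@"; do
        if ! is_safe_filename "$f"; then
            echo "refusing to print: filename fails the allowlist" >&2
            return 2
        fi
    done
    "${A2PS_CMD:-a2ps}" "$@"
}

# Constructed sample names (not taken from the advisory).
for name in 'report.txt' '/tmp/notes-2004_v1.ps' 'draft;v2.txt' 'a`b`.txt' '$HOME.txt' '-o.txt'; do
    if is_safe_filename "$name"; then verdict=accept; else verdict=reject; fi
    printf '%-24s %s\n' "$name" "$verdict"
done
```

Screening of this kind only reduces exposure on a system that still has the affected package installed; the workaround and resolution given in this alert are unchanged.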
2. Contributing Factors
This issue can occur in the following releases:
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release
Sun Java Desktop System, Release 2 -build 10b (GA)
Assembled 30 March 2004
To determine the version of "a2ps" the following command can be run:
% rpm -qf /usr/bin/a2ps
a2ps-4.13-1026
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue, remove the "a2ps" RPM by running the following command as "root":
# rpm -e `rpm -qf /usr/bin/a2ps`
This issue is addressed in the following releases:
To download and install the updated RPMs from the update servers, select the following sequence from the "launch" bar:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining RPM updates, see:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Sun Java Desktop System Release 2