GNU a2ps contains a flaw that may allow a malicious user to execute arbitrary files. The issue is triggered when a user uses a wildcard in a2ps filenames from within a world writeable directory. It is possible that the flaw may allow arbitrary code execution, resulting in a loss of confidentiality and/or integrity.

Currently, there are no known workarounds or upgrades to correct this issue. However, FreeBSD has released a patch to address this vulnerability within the FreeBSD operating system.

• Security Tracker: 1012475 1012629
• Secunia Advisory ID: 12375 13316 13519
• ISS X-Force ID: 17127
• CVE ID: 2004-1170 (see also: NVD)
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html
• Other Advisory URL: http://www.debian.org/security/2004/dsa-612
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:140
• Vendor Specific Solution URL: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/

• Rudolf Polzer - divzerogmail.com -