CVE-2006-5869 - Unspecified vulnerability in Pstotext 1.9
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
pstotext
nessus
Summary
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1220.NASL |
description | Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23737 |
published | 2006-11-28 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23737 |
title | Debian DSA-1220-1 : pstotext - insecure file name quoting |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356988
- http://secunia.com/advisories/20012
- http://secunia.com/advisories/23135
- http://www.debian.org/security/2006/dsa-1220
- http://www.securityfocus.com/bid/17897
- http://www.securityfocus.com/bid/21299
- http://www.vupen.com/english/advisories/2006/1707