CVE-2006-5869 - Unspecified vulnerability in Pstotext 1.9
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1220.NASL |
description | Brian May discovered that pstotext, a utility to extract plain text from PostScript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23737 |
published | 2006-11-28 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23737 |
title | Debian DSA-1220-1 : pstotext - insecure file name quoting |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356988
- http://secunia.com/advisories/20012
- http://secunia.com/advisories/23135
- http://www.debian.org/security/2006/dsa-1220
- http://www.securityfocus.com/bid/17897
- http://www.securityfocus.com/bid/21299
- http://www.vupen.com/english/advisories/2006/1707