PSToText Filename Handling Shell Command Execution Vulnerability

Bugtraq ID:	21299
Class:	Input Validation Error
CVE:	CVE-2006-5869
Remote:	No
Local:	Yes
Published:	Nov 27 2006 12:00AM
Updated:	Nov 29 2006 04:39PM
Credit:	Brian May is credited with the discovery of this issue.
Vulnerable:	Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:

PSToText Filename Handling Shell Command Execution Vulnerability

The 'pstotext' utility is prone to a vulnerability that may permit the execution of arbitrary shell commands. This issue occurs because the application fails to properly sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary shell commands with the privileges of the application.

PSToText Filename Handling Shell Command Execution Vulnerability

Solution:
Please see the referenced advisories for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

PSToText Filename Handling Shell Command Execution Vulnerability

References:

• pstotext Home Page (pstotext)