CVE-2004-1377

Description

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

How to fix CVE-2004-1377

To remediate CVE-2004-1377, upgrade the affected package to a fixed version below.

• Debian/a2ps—upgrade to 1:4.13b-4.3 or later

Is CVE-2004-1377 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:4.13b-4.3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-1377