PT-2001-1002 · Gnu · A2Ps
Published: 2001-04-17 · Updated: 2024-06-15 · CVE-2001-1593
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
a2ps versions 4.14 and earlier
Description
The issue allows local users to modify arbitrary files via a symlink attack on a temporary file, potentially compromising the confidentiality, integrity, and availability of protected information. The file modified can be any file accessible to the user running a2ps. The vulnerable code is the tempname_ensure function in lib/routines.h, as used by the spy_user function and possibly other functions.
Recommendations
For a2ps versions 4.14 and earlier, consider disabling the tempname_ensure function or restricting its use until a patch is available. As a temporary workaround, avoid using the spy_user function to minimize the risk of exploitation. Restrict access to temporary files used by a2ps to prevent symbolic link attacks.
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
A2Ps