Vulnerability Note VU#169841

dvips uses system() function insecurely thereby allowing arbitrary command execution

Original Release date: 16 Oct 2002 | Last revised: 12 Dec 2002

Overview

A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

The dvips utility is used to convert DVI files to PostScript(TM). Typically the output is sent to the printer.

RHSA-2002:194-18 states the vulnerability occurs because dvips, "uses the system() function insecurely when managing fonts."

Impact

A remote attacker can execute arbitrary code with the privileges of the lp user.

Solution

Apply a patch.

Workaround

The following workaround is taken from RHSA-2002:194-18:

A work around for this vulnerability is to remove the print filter for DVI files.  The following commands, run as root, will accomplish this:

rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi

However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
DebianAffected-12 Dec 2002
Red Hat Inc.Affected-16 Oct 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Olaf Kirch of SuSE.

This document was written by Ian A. Finlay and is based on information provided by Red Hat Inc.

Other Information

  • CVE IDs: CAN-2002-0836
  • Date Public: 15 Oct 2002
  • Date First Published: 16 Oct 2002
  • Date Last Updated: 12 Dec 2002
  • Severity Metric: 24.84
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.