Vulnerability Note VU#169841
dvips uses system() function insecurely thereby allowing arbitrary command execution
OverviewA vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system.
I. DescriptionThe dvips utility is used to convert DVI files to PostScript(TM). Typically the output is sent to the printer.
RHSA-2002:194-18 states the vulnerability occurs because dvips, "uses the system() function insecurely when managing fonts."
II. ImpactA remote attacker can execute arbitrary code with the privileges of the lp user.
III. SolutionApply a patch.
Workaround
The following workaround is taken from RHSA-2002:194-18:
A work around for this vulnerability is to remove the print filter for DVI files. The following commands, run as root, will accomplish this:
rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi
However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Debian | Vulnerable | 12-Dec-2002 |
| Red Hat Inc. | Vulnerable | 16-Oct-2002 |
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
https://rhn.redhat.com/errata/RHSA-2002-194.html
http://www.radicaleye.com/dvips.html
Credit
This vulnerability was discovered by Olaf Kirch of SuSE.
This document was written by Ian A. Finlay and is based on information provided by Red Hat Inc.
Other Information
| Date Public: | 2002-10-15 |
| Date First Published: | 2002-10-16 |
| Date Last Updated: | 2002-12-12 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2002-0836 |
| NVD-ID(s): | CAN-2002-0836 |
| US-CERT Technical Alerts: | |
| Metric: | 24.84 |
| Document Revision: | 14 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
Get Adobe Reader