RHSA-2002:194: Command execution vulnerability in dvips

Description

dvips contains a vulnerability allowing print users to execute arbitrary commands [Updated 30 June 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

The dvips utility converts DVI format into PostScript(TM), and is used in Red Hat Linux as a print filter for printing DVI files. A vulnerability has been found in dvips which uses the system() function insecurely when managing fonts. Since dvips is used in a print filter, this allows local or remote attackers who have print access to carefully craft a print job that would allow them to execute arbitrary code as the user 'lp'. A work around for this vulnerability is to remove the print filter for DVI files. The following commands, run as root, will accomplish this: rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue. This vulnerability was discovered by Olaf Kirch of SuSE. Additionally, the file /var/lib/texmf/ls-R had world-writable permissions. This is also fixed in the packages referenced in this advisory.