Rapid7 Vulnerability & Exploit Database

RHSA-2002:194: Command execution vulnerability in dvips

Back to Search

RHSA-2002:194: Command execution vulnerability in dvips

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
10/28/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

dvips contains a vulnerability allowing print users to execute arbitrary commands [Updated 30 June 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

The dvips utility converts DVI format into PostScript(TM), and is used in Red Hat Linux as a print filter for printing DVI files. A vulnerability has been found in dvips which uses the system() function insecurely when managing fonts. Since dvips is used in a print filter, this allows local or remote attackers who have print access to carefully craft a print job that would allow them to execute arbitrary code as the user 'lp'. A work around for this vulnerability is to remove the print filter for DVI files. The following commands, run as root, will accomplish this: rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue. This vulnerability was discovered by Olaf Kirch of SuSE. Additionally, the file /var/lib/texmf/ls-R had world-writable permissions. This is also fixed in the packages referenced in this advisory.

Solution(s)

  • redhat-upgrade-tetex
  • redhat-upgrade-tetex-afm
  • redhat-upgrade-tetex-doc
  • redhat-upgrade-tetex-dvilj
  • redhat-upgrade-tetex-dvips
  • redhat-upgrade-tetex-fonts
  • redhat-upgrade-tetex-latex
  • redhat-upgrade-tetex-xdvi

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;