Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:169841
HistoryOct 16, 2002 - 12:00 a.m.

dvips uses system() function insecurely thereby allowing arbitrary command execution

2002-10-1600:00:00
www.kb.cert.org
10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

Overview

A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

The dvips utility is used to convert DVI files to PostScript™. Typically the output is sent to the printer.

RHSA-2002:194-18 states the vulnerability occurs because dvips, “uses the system() function insecurely when managing fonts.”

Impact

A remote attacker can execute arbitrary code with the privileges of the lp user.

Solution

Apply a patch.

Workaround

The following workaround is taken from RHSA-2002:194-18:

A work around for this vulnerability is to remove the print filter for DVI files. The following commands, run as root, will accomplish this:
rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi
However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue.

Vendor Information

169841

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian __ Affected

Updated: December 12, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

`- --------------------------------------------------------------------------
Debian Security Advisory DSA 207-1 [email protected]
<http://www.debian.org/security/> Martin Schulze
December 11th, 2002 <http://www.debian.org/security/faq>

Package : tetex-bin
Vulnerability : arbitrary command execution
Problem-type : remote
Debian-specific: no
CVE Id : CAN-2002-0836
The SuSE security team discovered a vulnerability in kpathsea library
(libkpathsea) which is used by xdvi and dvips. Both programs call the
system() function insecurely, which allows a remote attacker to
execute arbitrary commands via cleverly crafted DVI files.
If dvips is used in a print filter, this allows a local or remote
attacker with print permission execute arbitrary code as the printer
user (usually lp).
This problem has been fixed in version 1.0.7+20011202-7.1for the
current stable distribution (woody), in version 1.0.6-7.3 for the old
stable distribution (potato) and in version 1.0.7+20021025-4 for the
unstable distribution (sid). xdvik-ja and dvipsk-ja are vulnerable as
well, but link to the kpathsea library dynamically and will
automatically be fixed after a new libkpathsea is installed.
We recommend that you upgrade your tetex-lib package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
`

`Debian GNU/Linux 2.2 alias potato

Source archives:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3.dsc>
Size/MD5 checksum: 681 85d39461d6074e345475974700302ca5
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3.diff.gz>
Size/MD5 checksum: 21219 fc56db28dde023dd14b8dfba2c305ed8
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6.orig.tar.gz>
Size/MD5 checksum: 7991177 6cb0539e028dc2629b59364c336e9f02
Alpha architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_alpha.deb>
Size/MD5 checksum: 3345472 92b942291b77f8bb1c51d47e7e442200
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_alpha.deb>
Size/MD5 checksum: 86086 ffceb41144a78755652b05e62690503a
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_alpha.deb>
Size/MD5 checksum: 46436 9a8301c361af3537ce71b671f290d118
ARM architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_arm.deb>
Size/MD5 checksum: 3128872 a7d4c2fa53e548b25f3eff5260ce0cba
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_arm.deb>
Size/MD5 checksum: 66412 76eea8557db60db134f7e5c69667866e
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_arm.deb>
Size/MD5 checksum: 35326 805f9c77405093e812afac2fb151db44
Intel IA-32 architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_i386.deb>
Size/MD5 checksum: 2656066 7a84a5905bf56c67a0eaf4d4fbd12ffd
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_i386.deb>
Size/MD5 checksum: 63794 262135c0af64616080f10573fb2af29d
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_i386.deb>
Size/MD5 checksum: 33194 4a042dc080fb61834fea8bd3b5c50123
Motorola 680x0 architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_m68k.deb>
Size/MD5 checksum: 2470542 b19ef2ede1a49f823b0ce189f010ed71
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_m68k.deb>
Size/MD5 checksum: 63010 3f1d9c790839a271e8ad3371a062b99e
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_m68k.deb>
Size/MD5 checksum: 33454 6821d66ef900023deb6a125d84f7436a
PowerPC architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_powerpc.deb>
Size/MD5 checksum: 3064800 bb353bcc816dd2addc54c3f723a7314d
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_powerpc.deb>
Size/MD5 checksum: 74960 86fe8df6b1605a76e98ef435a9b4d94d
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_powerpc.deb>
Size/MD5 checksum: 37252 b3c71917f22d84c2bdb97c5b63532e52
Sun Sparc architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_sparc.deb>
Size/MD5 checksum: 3067948 ccbc6c50d89ee3ff1f4b62daf79748e2
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_sparc.deb>
Size/MD5 checksum: 71708 01e2610c8d35a7bab8369e5f3ba1df71
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_sparc.deb>
Size/MD5 checksum: 40442 6cf1c922eada4a22178a853142c91713
`

`Debian GNU/Linux 3.0 alias woody

Source archives:
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1.dsc>
Size/MD5 checksum: 874 8f366565d4f387475f6ef6bb9aa974d7
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1.tar.gz>
Size/MD5 checksum: 10324253 f450e1704d90950f85bb31eefbf2f45e
Alpha architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_alpha.deb>
Size/MD5 checksum: 84650 d79e3667791a8110019cb2f96c0d0516
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_alpha.deb>
Size/MD5 checksum: 52786 db83b6b35fc7b932aaf0e8f59ae7da7a
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_alpha.deb>
Size/MD5 checksum: 4567604 70774235aa253481147d28d685abbaea
ARM architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_arm.deb>
Size/MD5 checksum: 65274 90a77d388e36745006ec0aaa6417491d
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_arm.deb>
Size/MD5 checksum: 43402 108a54db3c99b58188cdee22b965c005
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_arm.deb>
Size/MD5 checksum: 3703124 8439e1875463efc76cbf58e37e17a33a
Intel IA-32 architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_i386.deb>
Size/MD5 checksum: 62628 31a398d458ed0fd5939929f3afcd8e57
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_i386.deb>
Size/MD5 checksum: 40500 ade94b526f08f7edb80b7c8126578ad4
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_i386.deb>
Size/MD5 checksum: 3136836 98eedd394be628b62bf489ccf4ac7288
Intel IA-64 architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_ia64.deb>
Size/MD5 checksum: 89724 acd2ca69f8c92a269ecb53ac10b428dd
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_ia64.deb>
Size/MD5 checksum: 63122 56fb6234748eab1261fe6779cc2bd5f9
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_ia64.deb>
Size/MD5 checksum: 5597520 b4342bdcba6ea92adfc6fd547246e597
HP Precision architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_hppa.deb>
Size/MD5 checksum: 79348 686d1ad04aa6d07ebd33622f78d4c0b3
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_hppa.deb>
Size/MD5 checksum: 49110 204b2d736e592c19a864e6edbe013db3
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_hppa.deb>
Size/MD5 checksum: 4105546 a4eda30de5ed51e1c75f979a069b0c67
Motorola 680x0 architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_m68k.deb>
Size/MD5 checksum: 61940 79ae1c797a94286d2571431a387ed410
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_m68k.deb>
Size/MD5 checksum: 41130 0ebbbf434a9981d68aadc166bf8ba264
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_m68k.deb>
Size/MD5 checksum: 2922476 80cd4093b37cd3f67571d427c270cce7
Big endian MIPS architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_mips.deb>
Size/MD5 checksum: 75094 05006f5ed906f1a154e2f653a7d43d19
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_mips.deb>
Size/MD5 checksum: 42156 71efe3f47f1cfe1fa94bc977832d14b3
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_mips.deb>
Size/MD5 checksum: 3941092 22b7964938513694d7665c832b234035
Little endian MIPS architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_mipsel.deb>
Size/MD5 checksum: 74886 833cc732ed934563f5582b652dc4b056
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_mipsel.deb>
Size/MD5 checksum: 42350 4e50a31e4f219f53146a7f790bde4747
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_mipsel.deb>
Size/MD5 checksum: 3899354 17f6313d6073d1557c988e028b5a7bb0
PowerPC architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_powerpc.deb>
Size/MD5 checksum: 73934 2a6a193f1acb64784473965cc49ac610
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_powerpc.deb>
Size/MD5 checksum: 45040 45b3a8a439e7eb68cc87f24ebe81e945
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_powerpc.deb>
Size/MD5 checksum: 3586312 9fa3b7e4c724db99e0214204b791123e
IBM S/390 architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_s390.deb>
Size/MD5 checksum: 63928 f45e1a0bd5b9e69a3c8f9db16cd041df
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_s390.deb>
Size/MD5 checksum: 43052 489de74e0a77f1269fbd116ddbb922a3
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_s390.deb>
Size/MD5 checksum: 3383454 3ada8fc381e60370cdf037e817b3978c
Sun Sparc architecture:
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_sparc.deb>
Size/MD5 checksum: 70708 a34f6c87173cb0754e435cfd0040f7d3
<http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_sparc.deb>
Size/MD5 checksum: 48512 e80f52795254d7fc3adac437a0898d97
<http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_sparc.deb>
Size/MD5 checksum: 3598374 8b834d6c56cba09cbdb9402f4b263141
`

These files will probably be moved into the stable distribution on its next revision.
- --------------------------------------------------------------------------------- For apt-get: deb ``&lt;http://security.debian.org/&gt;`` stable/updates main For dpkg-ftp: ``&lt;ftp://security.debian.org/debian-security&gt;`` dists/stable/updates/main Mailing list: [email protected] Package info: apt-cache show <pkg>’ and <http://packages.debian.org/&gt;&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE992nFW5ql+IAeqTIRAmnAAJ9xPQ1/mK1iadasCV018TRTmi0A9ACdGTWc
GLEiop8ABcFM2/NYeNArC/c=
=hxBr
-----END PGP SIGNATURE-----`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23169841 Feedback>).

Red Hat Inc. __ Affected

Updated: October 16, 2002

Status

Affected

Vendor Statement

<https://rhn.redhat.com/errata/RHSA-2002-194.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23169841 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Olaf Kirch of SuSE.

This document was written by Ian A. Finlay and is based on information provided by Red Hat Inc.

Other Information

CVE IDs: CVE-2002-0836
Severity Metric: 24.84 Date Public:

Related

nessus 4
debian 2
cvelist 1
osv 1
securityvulns 1
openvas 2
cve 1
nessus
nessus
Mandrake Linux Security Advisory : teetx (MDKSA-2002:070)
2004-07-31 00:00:00
Debian DSA-207-1 : tetex-bin - arbitrary command execution
2004-09-29 00:00:00
RHEL 2.1 : tetex (RHSA-2002:195)
2004-07-06 00:00:00
debian
debian
[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
2002-12-11 16:37:28
[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
2002-12-11 00:00:00
cvelist
cvelist
CVE-2002-0836
2004-09-01 04:00:00
osv
osv
tetex-bin - arbitrary command execution
2002-12-11 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
2002-12-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 207-1 (tetex-bin)
2008-01-17 00:00:00
Debian Security Advisory DSA 207-1 (tetex-bin)
2008-01-17 00:00:00
cve
cve
CVE-2002-0836
2002-10-28 05:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for VU:169841
nessus4debian2cvelist1osv1securityvulns1openvas2cve1