LPRng/rhs-printfilters - remote execution of commands

posted to vendor security ppl, no reply, no patch, so posting here. --begin forwarded message-- RedHat 7.0 possibly others If the lpd is listening on 0.0.0.0 and no access controls are in place, it is possible to execute commands as the lp user, assuming tetex-dvips is installed. From man dvips...