search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

dvips uses system() function insecurely thereby allowing arbitrary command execution

Vulnerability Note VU#169841

Original Release Date: 2002-10-16 | Last Revised: 2002-12-12

Overview

A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

The dvips utility is used to convert DVI files to PostScript(TM). Typically the output is sent to the printer.

RHSA-2002:194-18 states the vulnerability occurs because dvips, "uses the system() function insecurely when managing fonts."

Impact

A remote attacker can execute arbitrary code with the privileges of the lp user.

Solution

Apply a patch.

Workaround

The following workaround is taken from RHSA-2002:194-18:

A work around for this vulnerability is to remove the print filter for DVI files.  The following commands, run as root, will accomplish this:

rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi

However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue.

Vendor Information

169841
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Olaf Kirch of SuSE.

This document was written by Ian A. Finlay and is based on information provided by Red Hat Inc.

Other Information

CVE IDs: CVE-2002-0836
Severity Metric: 24.84
Date Public: 2002-10-15
Date First Published: 2002-10-16
Date Last Updated: 2002-12-12 19:41 UTC
Document Revision: 14

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis