{"vuid":"VU#169841","idnumber":"169841","name":"dvips uses system() function insecurely thereby allowing arbitrary command execution","keywords":["dvips","system() function","arbitrary command execution"],"overview":"A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"The dvips utility is used to convert DVI files to PostScript(TM). Typically the output is sent to the printer. RHSA-2002:194-18 states that the vulnerability occurs because dvips \"uses the system() function insecurely when managing fonts.\" Because print filters pass DVI files submitted by remote users to dvips, data under the control of the submitter reaches the command line that system() hands to the shell.","impact":"A remote attacker can execute arbitrary code with the privileges of the lp user.","resolution":"Apply a patch.","workarounds":"The following workaround is taken from RHSA-2002:194-18: A workaround for this vulnerability is to remove the print filter for DVI files. The following commands, run as root, will accomplish this:\nrm -f /usr/share/printconf/mf_rules/mf40-tetex_filters\nrm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi\nHowever, to fix the problem in the dvips utility as well as removing the print filter, we recommend that all users upgrade to these errata packages, which contain a patch for this issue.","sysaffected":"","thanks":"This vulnerability was discovered by Olaf Kirch of SuSE.","author":"This document was written by Ian A. Finlay and is based on information provided by Red Hat Inc.","public":["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836","https://rhn.redhat.com/errata/RHSA-2002-194.html","http://www.radicaleye.com/dvips.html"],"cveids":["CVE-2002-0836"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-10-15T15:54:11Z","publicdate":"2002-10-15T00:00:00Z","datefirstpublished":"2002-10-16T17:11:17Z","dateupdated":"2002-12-12T19:41:16Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"16","cam_attackeraccessrequired":"20","cam_scorecurrent":"24.84","cam_scorecurrentwidelyknown":"30.24","cam_scorecurrentwidelyknownexploited":"51.84","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":24.84,"vulnote":null}
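The note says only that dvips "uses the system() function insecurely when managing fonts". The C below is an added example, not dvips source and not the Red Hat patch: it contrasts the unsafe pattern (a font name taken from the input file pasted into a shell command line for system()) with a hardened one (an allow-list check on the name, then fork/execvp with an argv array so that no shell ever parses it). The helper name mktexpk, its `--dpi` flag and the font name cmr10 are illustrative assumptions, and the injected name `cmr10;id` is a constructed test input.

```c
/* Added example: system() with untrusted data versus execvp with an argv array.
 * Not dvips code; the helper name and its flag are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define FONT_HELPER "mktexpk"   /* assumed helper; the note does not name one */

/* Unsafe pattern: the font name is copied verbatim into a command string that
 * would be handed to system(), i.e. to /bin/sh -c. Returns 0 on success. */
int build_font_command_unsafe(const char *font, int dpi, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s --dpi %d %s", FONT_HELPER, dpi, font);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* True if the command string contains a byte the shell treats specially. */
int command_has_shell_metachar(const char *cmd)
{
    return strpbrk(cmd, ";|&`$<>()\n\r'\"\\*?[]{}~") != NULL;
}

/* Builds the unsafe command for `font` and reports whether a shell would
 * interpret part of it as something other than a plain argument. */
int unsafe_command_is_injectable(const char *font, int dpi)
{
    char cmd[512];
    if (build_font_command_unsafe(font, dpi, cmd, sizeof cmd) != 0)
        return -1;
    return command_has_shell_metachar(cmd);
}

/* Allow-list check: a TeX font name is letters, digits, '-', '_' and '.' only.
 * Everything else (';', '`', '$', '|', whitespace, ...) is rejected outright. */
int font_name_is_safe(const char *font)
{
    if (font == NULL || *font == '\0' || strlen(font) > 255)
        return 0;
    for (const char *p = font; *p; p++) {
        if (!isalnum((unsigned char)*p) && *p != '-' && *p != '_' && *p != '.')
            return 0;
    }
    return 1;
}

/* Hardened pattern: no shell at all. The helper is executed with an argv
 * array, so the font name stays one argument whatever bytes it contains, and
 * the allow-list check runs first anyway. Returns the helper's exit status,
 * or -1 if the name is rejected or the child could not be waited for. */
int run_font_helper_safe(const char *font, int dpi)
{
    char dpibuf[16];
    if (!font_name_is_safe(font))
        return -1;
    snprintf(dpibuf, sizeof dpibuf, "%d", dpi);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { FONT_HELPER, "--dpi", dpibuf, (char *)font, NULL };
        execvp(argv[0], argv);
        _exit(127);              /* helper not found: report like the shell does */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *names[] = { "cmr10", "cmr10;id" };   /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        printf("%-10s injectable via system(): %d  allow-listed: %d\n",
               names[i], unsafe_command_is_injectable(names[i], 600),
               font_name_is_safe(names[i]));
    }
    return 0;
}
```

The second name passes straight through the unsafe builder and would be split by the shell at the `;`, while the allow-list rejects it before any process is started; even a name that slipped past the filter could not be split by execvp, because there is no shell in the hardened path.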