Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0836

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0836
Last Modified 05 Sep 2008 04:29:04
Published 28 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0836

Summary

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Vulnerable Systems

Operating System

  • Hp Secure Os 1.0

  • Mandrakesoft Mandrake Linux 7.2

  • Mandrakesoft Mandrake Linux 8.0

  • Mandrakesoft Mandrake Linux 8.1

  • Mandrakesoft Mandrake Linux 8.2

  • Mandrakesoft Mandrake Linux 9.0

  • Redhat Linux 6.2

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

  • Redhat Linux 7.3

  • Redhat Linux 8.0


References

CERT-VN - VU#169841

BID - 5978

REDHAT - RHSA-2002:194

DEBIAN - DSA-207

BUGTRAQ - 20021018 GLSA: tetex

XF - dvips-system-execute-commands(10365)

HP - HPSBTL0210-073

REDHAT - RHSA-2002:195

MANDRAKE - MDKSA-2002:070

BUGTRAQ - 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)

CONECTIVA - CLA-2002:537


Last Updated: 27 May 2016 10:37:06