dvips system() function could allow an attacker to execute commands
| dvips-system-execute-commands (10365) |  High Risk |
Description:
dvips could allow a remote attacker to execute commands on the server, caused by a vulnerability in the way it uses the system() function to manage fonts. A remote attacker with print access could create a specially-crafted print job, which would allow the attacker to execute arbitrary commands on the system, once the print job is processed by the system() function.
Platforms Affected:
- Conectiva, Linux 6.0
- Conectiva, Linux 7.0
- Conectiva, Linux 8.0
- Debian, Debian Linux 2.2
- Debian, Debian Linux 3.0
- Gentoo, Linux
- HP, Secure OS 1.0
- Immunix, Immunix OS 7+-beta
- MandrakeSoft, Mandrake Linux 7.2
- MandrakeSoft, Mandrake Linux 8.0 PPC
- MandrakeSoft, Mandrake Linux 8.0
- MandrakeSoft, Mandrake Linux 8.1
- MandrakeSoft, Mandrake Linux 8.1 IA64
- MandrakeSoft, Mandrake Linux 8.2
- MandrakeSoft, Mandrake Linux 8.2 PPC
- MandrakeSoft, Mandrake Linux 9.0
- OpenPKG, OpenPKG 1.0
- OpenPKG, OpenPKG 1.1
- OpenPKG, OpenPKG CURRENT
- RedHat, Enterprise Linux 2.1 AS
- RedHat, Linux 6.2
- RedHat, Linux 7
- RedHat, Linux 7.1
- RedHat, Linux 7.1 for iSeries
- RedHat, Linux 7.1 for pSeries
- RedHat, Linux 7.2
- RedHat, Linux 7.3
- RedHat, Linux 8.0
Remedy:
For Red Hat Linux:
Upgrade to the latest dvips package, as listed below. Refer to Red Hat Security Advisory RHSA-2002:194-18 for more information. See References.
Red Hat 6.2: 1.0.6-11.3 or later
Red Hat 7.0: 1.0.7-8.3 or later
Red Hat 7.1: 1.0.7-15.10 or later
Red Hat 7.2: 1.0.7-38.3 or later
Red Hat 7.3: 1.0.7-47.1 or later
Red Hat 8.0: 1.0.7-57.1 or later
For Red Hat Linux containing the tetex package:
Upgrade to the latest tetex package, as listed below. Refer to RHSA-2003:262-07 for more information. See References.
Red Hat Enterprise Linux AS (v. 2.1): 1.0.7-38.4 or later
For Gentoo Linux:
Upgrade versions app-text/tetex-1.0.7-r10 and earlier, as listed in Gentoo Linux Security Announcement 2002-10-18 22:00 UTC. See References.
For Mandrake Linux:
Upgrade to the latest tetex package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2002:070 : tetex for more information. See References.
Linux-Mandrake 7.2: 1.0.7-11.2mdk or later
Mandrake Linux 8.0: 1.0.7-21.2mdk or later
Mandrake Linux 8.1: 1.0.7-31.2mdk or later
Mandrake Linux 8.2: 1.0.7-44.1mdk or later
Mandrake Linux 9.0: 1.0.7-61mdk or later
For Conectiva Linux containing the tetex package:
Upgrade to the latest tetex package, as listed below. Refer to Conectiva Linux Announcement CLSA-2002:537 for more information. See References.
Conectiva Linux 6.0: 1.0.7-8U60_1cl or later
Conectiva Linux 7.0: 1.0.7-11U70_1cl or later
Conectiva Linux 8.0: 1.0.7-13U80_1cl or later
For Debian GNU/Linux:
Upgrade to the latest tetex-bin package, as listed below. Refer to DSA-207-1 for more information. See References.
Debian GNU/Linux 2.2 (potato): 1.0.6-7.3 or later
Debian GNU/Linux 3.0 (woody): 1.0.7+20011202-7.1 or later
For OpenPKG:
Upgrade to the latest tetex package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2002.015 for more information. See References.
OpenPKG 1.0: 1.0.7-1.0.1 or later
OpenPKG 1.1: 1.0.7-1.1.1 or later
OpenPKG CURRENT:1.0.7-20021216 or later
For HP Secure OS Software for Linux 1.0: If your system has tetex installed, download the RPMs listed in RHSA-2002:194-18, specifically the section labeled Red Hat Linux 7.1. See References.
For Immunix:
Upgrade to the latest version of tetex (1.0.7-47.1_imnx_1 or later), as listed in Immunix Secured OS Security Advisory IMNX-2003-7+-016-01. See References.
For Immunix:
Upgrade to the latest version of psutils (1.17-13_imnx_1 or later), as listed in Immunix Secured OS Security Advisory IMNX-2003-7+-016-01. See References.
For Immunix:
Upgrade to the latest version of w3c-libwww (5.3.2-5_imnx_0.1 or later), as listed in Immunix Secured OS Security Advisory IMNX-2003-7+-016-01. See References.
For other distributions: Contact your vendor for upgrade or patch information.
Consequences:
Gain Access
References:
- Conectiva Linux Announcement CLA-2002:537, dvips command execution vulnerability at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000537.
- Gentoo Linux Security Announcement 2002-10-18 22:00 UTC, Command execution vulnerability in dvips at http://www.linuxsecurity.com/content/view/104236/109/. (From LinuxSecurity archive)
- Hewlett-Packard Company Security Bulletin HPSBTL0210-073, Security vulnerability in tetex (dvips) at http://archives.neohapsis.com/archives/hp/2002-q4/0005.html. (From Neohapsis archive)
- Immunix Secured OS Security Advisory IMNX-2003-7+-016-01, tetex, psutils, w3c-libwww at http://www.linuxsecurity.com/content/view/105082/105/. (From LinuxSecurity archive)
- BID-5978: dvips Arbitrary Command Execution Vulnerability
- CVE-2002-0836: dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
- DSA-207: tetex-bin -- arbitrary command execution
- MDKSA-2002:070: Updated tetex packages fix command execution vulnerabilities
- MDKSA-2002:071: Updated kdegraphics packages fix command execution vulnerabilities
- OpenPKG-SA-2002.015: teTeX
- RHSA-2002-194: Command execution vulnerability in dvips
- RHSA-2002-195: tetex security update
- US-CERT VU#169841: dvips uses system() function insecurely thereby allowing arbitrary command execution
Reported:
Oct 08, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net