
Test ID: 1.3.6.1.4.1.25623.1.0.51546
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:537
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:537.

tetex contains the TeX typesetting system. Among other features, it
includes support to generate documents using LaTeX, which is widely
used for the production of technical and scientific documentation. It
also contains a set of utilities to work with and convert various
file formats, such as DVI, PDF, PS and others.

Olaf Kirch from SuSE discovered a vulnerability in the dvips utility,
which is used to convert .dvi files to PostScript. dvips calls
the system() function in an insecure way when handling font names. An
attacker can exploit this by creating a carefully crafted dvi file
which, when opened by dvips, will cause the execution of arbitrary
commands.

Since dvips is used as a default filter by the printing system
(LPRng) of Conectiva Linux 6.0 and 7.0, an attacker with permissions
to send printer jobs could execute arbitrary commands with the
privileges of the 'lp' user (which is the system user responsible for
the printing system) by sending a dvi file to be printed.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0836 to this issue[1].

Some preventive fixes related to the use of temporary files were
added to the tetex packages of Conectiva Linux 6.0 and 7.0. The
packages distributed with Conectiva Linux 8 already have such fixes.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0836
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:537
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

CVSS Score:
7.5

Cross-reference: BugTraq ID: 5978
Common Vulnerability Exposure (CVE) ID: CVE-2002-0836
http://www.securityfocus.com/bid/5978
Bugtraq: 20021018 GLSA: tetex
http://marc.info/?l=bugtraq&m=103497852330838&w=2
Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
http://marc.info/?l=bugtraq&m=104005975415582&w=2
CERT/CC vulnerability note: VU#169841
http://www.kb.cert.org/vuls/id/169841
Conectiva Linux advisory: CLA-2002:537
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Debian Security Information: DSA-207
http://www.debian.org/security/2002/dsa-207
HPdes Security Advisory: HPSBTL0210-073
http://www.securityfocus.com/advisories/4567
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
http://www.redhat.com/support/errata/RHSA-2002-194.html
http://www.redhat.com/support/errata/RHSA-2002-195.html
http://www.iss.net/security_center/static/10365.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
