Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:195 (dvips)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50951

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2002:195 (dvips)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2002:195.

The dvips utility converts DVI format into PostScript(TM), and is used in
Red Hat Linux as a print filter for printing DVI files. A vulnerability
has been found in dvips which uses the system() function insecurely when
managing fonts.

Since dvips is used in a print filter, this allows local or remote
attackers who have print access to carefully craft a print job that allows
them to execute arbitrary code as the user 'lp'.

A work around for this vulnerability is to remove the print filter for DVI
files. The following commands, run as root, will accomplish this:

rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi

However, to fix the problem in the dvips utility as well as remove the
print filter we recommend that all users upgrade to the these packages
contained within this erratum which contain a patch for this issue.

This vulnerability was discovered by Olaf Kirch of SuSE.

Additionally, the file /var/lib/texmf/ls-R had world-writable permissions.

This issue is also fixed by the packages contained within this erratum.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-195.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 5978
Common Vulnerability Exposure (CVE) ID: CVE-2002-0836
http://www.securityfocus.com/bid/5978
Bugtraq: 20021018 GLSA: tetex (Google Search)
http://marc.info/?l=bugtraq&m=103497852330838&w=2
Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) (Google Search)
http://marc.info/?l=bugtraq&m=104005975415582&w=2
CERT/CC vulnerability note: VU#169841
http://www.kb.cert.org/vuls/id/169841
Conectiva Linux advisory: CLA-2002:537
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Debian Security Information: DSA-207 (Google Search)
http://www.debian.org/security/2002/dsa-207
HPdes Security Advisory: HPSBTL0210-073
http://www.securityfocus.com/advisories/4567
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
http://www.redhat.com/support/errata/RHSA-2002-194.html
http://www.redhat.com/support/errata/RHSA-2002-195.html
http://www.iss.net/security_center/static/10365.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50951
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:195 (dvips)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:195. The dvips utility converts DVI format into PostScript(TM), and is used in Red Hat Linux as a print filter for printing DVI files. A vulnerability has been found in dvips which uses the system() function insecurely when managing fonts. Since dvips is used in a print filter, this allows local or remote attackers who have print access to carefully craft a print job that allows them to execute arbitrary code as the user 'lp'. A work around for this vulnerability is to remove the print filter for DVI files. The following commands, run as root, will accomplish this: rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi However, to fix the problem in the dvips utility as well as remove the print filter we recommend that all users upgrade to the these packages contained within this erratum which contain a patch for this issue. This vulnerability was discovered by Olaf Kirch of SuSE. Additionally, the file /var/lib/texmf/ls-R had world-writable permissions. This issue is also fixed by the packages contained within this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-195.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 5978 Common Vulnerability Exposure (CVE) ID: CVE-2002-0836 http://www.securityfocus.com/bid/5978 Bugtraq: 20021018 GLSA: tetex (Google Search) http://marc.info/?l=bugtraq&m=103497852330838&w=2 Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) (Google Search) http://marc.info/?l=bugtraq&m=104005975415582&w=2 CERT/CC vulnerability note: VU#169841 http://www.kb.cert.org/vuls/id/169841 Conectiva Linux advisory: CLA-2002:537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537 Debian Security Information: DSA-207 (Google Search) http://www.debian.org/security/2002/dsa-207 HPdes Security Advisory: HPSBTL0210-073 http://www.securityfocus.com/advisories/4567 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php http://www.redhat.com/support/errata/RHSA-2002-194.html http://www.redhat.com/support/errata/RHSA-2002-195.html http://www.iss.net/security_center/static/10365.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com