| |||||||||||||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.51546 |
| Categoría: | Conectiva Local Security Checks |
| Título: | Conectiva Security Advisory CLA-2002:537 |
| Resumen: | Conectiva Security Advisory CLA-2002:537 |
| Descripción: | The remote host is missing updates announced in advisory CLA-2002:537. tetex contains the TeX typesetting system. Among other features, it includes support to generate documents using LaTeX, which is widely used for the production of technical and scientific documentation. It also contains a set of utilities to work with and convert various file formats, such as DVI, PDF, PS and others. Olaf Kirch from SuSE discovered a vulnerability in the dvips utility, which is used to convert .dvi files to PostScript. dvips is calling the system() function in an insecure way when handling font names. An attacker can exploit this by creating a carefully crafted dvi file which, when opened by dvips, will cause the execution of arbitrary commands. Since dvips is used as a default filter by the printing system (LPRng) of Conectiva Linux 6.0 and 7.0, an attacker with permissions to send printer jobs could execute arbitrary commands with the privileges of the 'lp' user (which is the system user responsible for the printing system) by sending a dvi file to be printed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0836 to this issue[1]. Some preventive fixes related to the use of temporary files were added to the tetex packages of Conectiva Linux 6.0 and 7.0. The packages distributed with Conectiva Linux 8 already have such fixes. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0836 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:537 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High |
| Referencia Cruzada: |
BugTraq ID: 5978 Common Vulnerability Exposure (CVE) ID: CVE-2002-0836 http://www.redhat.com/support/errata/RHSA-2002-194.html http://www.redhat.com/support/errata/RHSA-2002-195.html http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php Debian Security Information: DSA-207 (Google Search) http://www.debian.org/security/2002/dsa-207 Bugtraq: 20021018 GLSA: tetex (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2 Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2 Conectiva Linux advisory: CLA-2002:537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537 HPdes Security Advisory: HPSBTL0210-073 http://www.securityfocus.com/advisories/4567 CERT/CC vulnerability note: VU#169841 http://www.kb.cert.org/vuls/id/169841 http://www.securityfocus.com/bid/5978 http://www.iss.net/security_center/static/10365.php |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |
|
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois
© 1998-2013 E-Soft Inc. Todos los derechos reservados.