 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51546 |
| Category: | Conectiva Local Security Checks |
| Title: | Conectiva Security Advisory CLA-2002:537 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory CLA-2002:537. tetex contains the TeX typesetting system. Among other features, it includes support to generate documents using LaTeX, which is widely used for the production of technical and scientific documentation. It also contains a set of utilities to work with and convert various file formats, such as DVI, PDF, PS and others. Olaf Kirch from SuSE discovered a vulnerability in the dvips utility, which is used to convert .dvi files to PostScript. dvips is calling the system() function in an insecure way when handling font names. An attacker can exploit this by creating a carefully crafted dvi file which, when opened by dvips, will cause the execution of arbitrary commands. Since dvips is used as a default filter by the printing system (LPRng) of Conectiva Linux 6.0 and 7.0, an attacker with permissions to send printer jobs could execute arbitrary commands with the privileges of the 'lp' user (which is the system user responsible for the printing system) by sending a dvi file to be printed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0836 to this issue[1]. Some preventive fixes related to the use of temporary files were added to the tetex packages of Conectiva Linux 6.0 and 7.0. The packages distributed with Conectiva Linux 8 already have such fixes. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0836 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:537 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
BugTraq ID: 5978 Common Vulnerability Exposure (CVE) ID: CVE-2002-0836 http://www.securityfocus.com/bid/5978 Bugtraq: 20021018 GLSA: tetex (Google Search) http://marc.info/?l=bugtraq&m=103497852330838&w=2 Bugtraq: 20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) (Google Search) http://marc.info/?l=bugtraq&m=104005975415582&w=2 CERT/CC vulnerability note: VU#169841 http://www.kb.cert.org/vuls/id/169841 Conectiva Linux advisory: CLA-2002:537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537 Debian Security Information: DSA-207 (Google Search) http://www.debian.org/security/2002/dsa-207 HPdes Security Advisory: HPSBTL0210-073 http://www.securityfocus.com/advisories/4567 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php http://www.redhat.com/support/errata/RHSA-2002-194.html http://www.redhat.com/support/errata/RHSA-2002-195.html http://www.iss.net/security_center/static/10365.php |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |