Vulnerabilities > CVE-2002-0836

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
hp
mandrakesoft
redhat
nessus

Summary

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2002-070.NASL
    description: A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13970
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13970
    title: Mandrake Linux Security Advisory : teetx (MDKSA-2002:070)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2002:070. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its metadata (IDs, advisory references, texts, CVSS vector, required KB
    # keys) and then exits; no host data is read in this branch.
    if (description)
    {
      script_id(13970);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      # Cross-references: the CVE and the Mandrake advisory that shipped the fix.
      script_cve_id("CVE-2002-0836");
      script_xref(name:"MDKSA", value:"2002:070");
    
      # NOTE(review): "teetx" in the title looks like a misspelling of tetex (the
      # cpe entries below all use tetex); account for it when searching by title.
      script_name(english:"Mandrake Linux Security Advisory : teetx (MDKSA-2002:070)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      # The exposure described here is command execution as the lp user by anyone
      # who can submit print jobs to the host.
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was discovered in dvips by Olaf Kirch that would allow
    remote users with access to the printer to execute commands as the lp
    user through sending special print jobs to the printer."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 vector: network attack vector, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" plugin type: per script_summary above, the check evaluates rpm
      # output from the host rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Affected package identifiers (tetex and its sub-packages) ...
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvilj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvipdfm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-xdvi");
      # ... and affected platforms (Mandrake Linux 7.2 through 9.0).
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
    
      # The vendor fix dates from 2002/10/23; the plugin itself from 2004/07/31.
      script_set_attribute(attribute:"patch_publication_date", value:"2002/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO is presumably the scanner's
      # information-gathering category - confirm against the NASL reference.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check depends on these KB entries; presumably ssh_get_info.nasl fills
      # them from an authenticated session - without them nothing can be evaluated.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Leave before the check logic further down; registration is finished.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
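    # Package-version check for MDKSA-2002:070 (CVE-2002-0836).
    #
    # Preconditions: local checks must be enabled and the KB must hold a Mandrake
    # release string and an rpm list; otherwise the script stops through audit()
    # with the matching reason instead of reporting a clean host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86-family architectures are covered; anything else is audited out.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One rpm_check() per package and release; `flag` counts the calls that
    # return true. rpm_check() comes from rpm.inc (not shown): presumably it is
    # true when the named package is installed in a version older than
    # `reference`, with yank:"mdk" dropping the distribution suffix - confirm.
    #
    # NOTE(review): every call passes cpu:"i386" although the regex above also
    # admits amd64/x86_64. If rpm.inc filters on architecture, 64-bit hosts would
    # produce no findings here - confirm before treating "not affected" on such
    # hosts as a real negative.
    #
    # A hit only means an unpatched package is installed. Nothing here looks at
    # whether dvips is actually used as a print filter, which is the exposure the
    # advisory describes (commands run as lp via print jobs).
    flag = 0;
    # Mandrake 7.2: fixed in 1.0.7-11.2mdk (no tetex-dvipdfm entry for this release).
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-1.0.7-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-afm-1.0.7-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-doc-1.0.7-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-dvilj-1.0.7-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-dvips-1.0.7-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-latex-1.0.7-11.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tetex-xdvi-1.0.7-11.2mdk", yank:"mdk")) flag++;
    
    # Mandrake 8.0: fixed in 1.0.7-21.2mdk.
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-afm-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-doc-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-dvilj-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-dvipdfm-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-dvips-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-latex-1.0.7-21.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tetex-xdvi-1.0.7-21.2mdk", yank:"mdk")) flag++;
    
    # Mandrake 8.1: fixed in 1.0.7-31.2mdk.
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-afm-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-doc-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-dvilj-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-dvipdfm-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-dvips-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-latex-1.0.7-31.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tetex-xdvi-1.0.7-31.2mdk", yank:"mdk")) flag++;
    
    # Mandrake 8.2: fixed in 1.0.7-44.1mdk.
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-afm-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-doc-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-dvilj-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-dvipdfm-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-dvips-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-latex-1.0.7-44.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tetex-xdvi-1.0.7-44.1mdk", yank:"mdk")) flag++;
    
    # Mandrake 9.0: fixed in 1.0.7-61mdk.
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-afm-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-doc-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-dvilj-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-dvipdfm-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-dvips-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-latex-1.0.7-61mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tetex-xdvi-1.0.7-61mdk", yank:"mdk")) flag++;
    
    
    # Any hit raises a host-level finding (port 0). With report_verbosity above
    # zero the output of rpm_report_get() is attached - presumably the list of
    # outdated packages collected by rpm_check(); confirm in rpm.inc.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # No hit: record the host as not affected.
    else audit(AUDIT_HOST_NOT, "affected");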
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-207.NASL
    description: The SuSE security team discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files. If dvips is used in a print filter, this allows a local or remote attacker with print permission to execute arbitrary code as the printer user (usually lp).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15044
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15044
    title: Debian DSA-207-1 : tetex-bin - arbitrary command execution
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-207. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its metadata (IDs, advisory references, texts, CVSS vector, required KB
    # keys) and then exits; no host data is read in this branch.
    if (description)
    {
      script_id(15044);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      # Cross-references: the CVE and the Debian advisory that shipped the fix.
      script_cve_id("CVE-2002-0836");
      script_xref(name:"DSA", value:"207");
    
      script_name(english:"Debian DSA-207-1 : tetex-bin - arbitrary command execution");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Root cause per the advisory text: xdvi and dvips call system() insecurely
      # through libkpathsea; with dvips as a print filter, anyone with print
      # permission can run code as the printer user (usually lp).
      script_set_attribute(
        attribute:"description", 
        value:
    "The SuSE security team discovered a vulnerability in kpathsea library
    (libkpathsea) which is used by xdvi and dvips. Both programs call the
    system() function insecurely, which allows a remote attacker to
    execute arbitrary commands via cleverly crafted DVI files.
    
    If dvips is used in a print filter, this allows a local or remote
    attacker with print permission execute arbitrary code as the printer
    user (usually lp)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-207"
      );
      # NOTE(review): the solution text names tetex-lib, while the title and the
      # cpe entry below name tetex-bin. The text also says xdvik-ja and dvipsk-ja
      # are fixed only once the new libkpathsea is installed, so patch status
      # should be judged on the library package as well.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the tetex-lib package immediately.
    
    This problem has been fixed in version 1.0.7+20011202-7.1 for the
    current stable distribution (woody), in version 1.0.6-7.3 for the old
    stable distribution (potato) and in version 1.0.7+20021025-4 for the
    unstable distribution (sid). xdvik-ja and dvipsk-ja are vulnerable as
    well, but link to the kpathsea library dynamically and will
    automatically be fixed after a new libkpathsea is installed."
      );
      # CVSS v2 vector: network attack vector, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" plugin type: per script_summary above, the check evaluates dpkg
      # output from the host rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tetex-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      # The vendor fix dates from 2002/12/11; the plugin itself from 2004/09/29.
      script_set_attribute(attribute:"patch_publication_date", value:"2002/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO is presumably the scanner's
      # information-gathering category - confirm against the NASL reference.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # The check depends on these KB entries; presumably ssh_get_info.nasl fills
      # them from an authenticated session - without them nothing can be evaluated.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Leave before the check logic further down; registration is finished.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Package-version check for DSA-207 (CVE-2002-0836).
    #
    # Preconditions: local checks enabled, a Debian release string and a dpkg
    # listing in the KB. Each missing item ends the script through audit() with
    # its own reason rather than reporting the host as clean.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # `flag` counts the deb_check() calls that return true. deb_check() comes
    # from debian_package.inc (not shown); presumably it is true when the package
    # is installed in a version older than `reference` - confirm.
    # A hit only means an unpatched package is installed; nothing here looks at
    # whether dvips is configured as a print filter.
    flag = 0;
    
    # Debian 2.2: fixed in 1.0.6-7.3 (the version the solution text gives for potato).
    foreach dsa207_old_pkg (make_list("tetex-bin", "tetex-dev", "tetex-lib"))
    {
      if (deb_check(release:"2.2", prefix:dsa207_old_pkg, reference:"1.0.6-7.3")) flag++;
    }
    
    # Debian 3.0: fixed in 1.0.7+20011202-7.1 (the version given for woody).
    foreach dsa207_new_pkg (make_list("libkpathsea-dev", "libkpathsea3", "tetex-bin"))
    {
      if (deb_check(release:"3.0", prefix:dsa207_new_pkg, reference:"1.0.7+20011202-7.1")) flag++;
    }
    
    # No hit: record the host as not affected. Otherwise raise a host-level
    # finding (port 0), attaching deb_report_get() output when report_verbosity
    # is above zero. report_verbosity is not set in the visible code; presumably
    # it comes from an include.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2002-071.NASL
    description: A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview then is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13971
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13971
    title: Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2002:071. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its metadata (IDs, advisory references, texts, CVSS vector, required KB
    # keys) and then exits; no host data is read in this branch.
    if (description)
    {
      script_id(13971);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      # NOTE(review): three CVEs are attached, but the description below covers
      # only the KGhostview / gv parser buffer overflows. It does not say how
      # CVE-2002-0836 (dvips calling system() insecurely) relates to kdegraphics;
      # confirm against the MDKSA-2002:071 advisory before relying on this
      # plugin as evidence for that CVE.
      script_cve_id("CVE-2002-0836", "CVE-2002-0838", "CVE-2002-1223");
      script_xref(name:"MDKSA", value:"2002:071");
    
      script_name(english:"Mandrake Linux Security Advisory : kdegraphics (MDKSA-2002:071)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability exists in KGhostview, part of the kdegraphics package.
    It includes a DSC 3.0 parser from GSview then is vulnerable to a
    buffer overflow while parsing a specially crafted .ps file. It also
    contains code from gv which is vulnerable to a similar buffer overflow
    triggered by malformed PostScript and PDF files. This has been fixed
    in KDE 3.0.4 and patches have been applied to correct these packages."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20021008-1.txt"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kdegraphics, kdegraphics-devel and / or
    kdegraphics-static-devel packages."
      );
      # CVSS v2 vector: network attack vector, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" plugin type: per script_summary above, the check evaluates rpm
      # output from the host rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Affected packages and platforms (Mandrake Linux 8.1 through 9.0).
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-static-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
    
      # The vendor fix dates from 2002/10/24; the plugin itself from 2004/07/31.
      script_set_attribute(attribute:"patch_publication_date", value:"2002/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO is presumably the scanner's
      # information-gathering category - confirm against the NASL reference.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check depends on these KB entries; presumably ssh_get_info.nasl fills
      # them from an authenticated session - without them nothing can be evaluated.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Leave before the check logic further down; registration is finished.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
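    # Package-version check for MDKSA-2002:071 (kdegraphics).
    #
    # Preconditions: local checks must be enabled and the KB must hold a Mandrake
    # release string and an rpm list; otherwise the script stops through audit()
    # with the matching reason instead of reporting a clean host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86-family architectures are covered; anything else is audited out.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One rpm_check() per package and release; `flag` counts the calls that
    # return true. rpm_check() comes from rpm.inc (not shown): presumably it is
    # true when the named package is installed in a version older than
    # `reference`, with yank:"mdk" dropping the distribution suffix - confirm.
    #
    # NOTE(review): every call passes cpu:"i386" although the regex above also
    # admits amd64/x86_64. If rpm.inc filters on architecture, 64-bit hosts would
    # produce no findings here - confirm before treating "not affected" on such
    # hosts as a real negative.
    flag = 0;
    # Mandrake 8.1: kdegraphics and kdegraphics-static-devel, fixed in 2.2.1-2.1mdk.
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdegraphics-2.2.1-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdegraphics-static-devel-2.2.1-2.1mdk", yank:"mdk")) flag++;
    
    # Mandrake 8.2: kdegraphics and kdegraphics-devel, fixed in 2.2.2-15.1mdk.
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdegraphics-2.2.2-15.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdegraphics-devel-2.2.2-15.1mdk", yank:"mdk")) flag++;
    
    # Mandrake 9.0: kdegraphics and kdegraphics-devel, fixed in 3.0.3-11.1mdk.
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdegraphics-3.0.3-11.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdegraphics-devel-3.0.3-11.1mdk", yank:"mdk")) flag++;
    
    
    # Any hit raises a host-level finding (port 0). With report_verbosity above
    # zero the output of rpm_report_get() is attached - presumably the list of
    # outdated packages collected by rpm_check(); confirm in rpm.inc.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # No hit: record the host as not affected.
    else audit(AUDIT_HOST_NOT, "affected");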
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2002-195.NASL
    description: Updated packages for dvips are available which fix a vulnerability allowing print users to execute arbitrary commands. [Updated 13 Aug 2003] Added tetex-doc package that was originally left out of the errata. The dvips utility converts DVI format into PostScript(TM), and is used in Red Hat Linux as a print filter for printing DVI files. A vulnerability has been found in dvips which uses the system() function insecurely when managing fonts. Since dvips is used in a print filter, this allows local or remote attackers who have print access to carefully craft a print job that allows them to execute arbitrary code as the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12324
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12324
    title: RHEL 2.1 : tetex (RHSA-2002:195)

Redhat

advisories
  • rhsa
    id: RHSA-2002:194
  • rhsa
    id: RHSA-2002:195