LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

dvips: command execution vulnerability

Package(s):dvips CVE #(s):CAN-2002-0836
Created:October 16, 2002 Updated:June 10, 2003
Description: The dvips utility uses the system() function improperly when managing fonts. An attacker who can craft the right sort of print job can use this vulnerability to execute commands under the UID used by the print system.
Alerts:
Immunix IMNX-2003-7+-016-01 2003-06-09
OpenPKG OpenPKG-SA-2002.015 2002-12-16
Debian DSA-207-1 2002-12-11
Conectiva CLA-2002:537 2002-10-29
Mandrake MDKSA-2002:071 2002-10-24
Mandrake MDKSA-2002:070 2002-10-23
Gentoo tetex-20021018 2002-10-18
Red Hat RHSA-2002:194-18 2002-10-08
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds