| Vulnerability Name: | CVE-2001-1002 (CCN-16509) | ||||||||
| Assigned: | 2001-08-31 | ||||||||
| Published: | 2001-08-31 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-1002 Source: BUGTRAQ Type: UNKNOWN 20010827 LPRng/rhs-printfilters - remote execution of commands Source: CCN Type: RHSA-2001-102 New teTeX packages available Source: CCN Type: OSVDB ID: 835 Red Hat Linux lpd DVI Print Filter (dvips) Remote Command Execution Source: REDHAT Type: Patch, Vendor Advisory RHSA-2001:102 Source: BID Type: Patch, Vendor Advisory 3241 Source: CCN Type: BID-3241 Lpd Remote Command Execution via DVI Printfilter Configuration Error Source: XF Type: UNKNOWN dvips-lpd-command-execution(16509) Source: XF Type: UNKNOWN dvips-lpd-command-execution(16509) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||