Vulnerability CVE-2002-0836 - CERT Civis.Net

Vulnerability Name:

CVE-2002-0836 (CCN-10365)

Assigned:

2002-10-08

Published:

2002-10-08

Updated:

2016-10-18

Summary:

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBTL0210-073
Security vulnerability in tetex (dvips)

Source: MITRE
Type: CNA
CVE-2002-0836

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:537

Source: CCN
Type: Conectiva Linux Announcement CLA-2002:537
dvips command execution vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20021018 GLSA: tetex

Source: BUGTRAQ
Type: UNKNOWN
20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)

Source: CCN
Type: RHSA-2002-194
Command execution vulnerability in dvips

Source: CCN
Type: RHSA-2002-195
tetex security update

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-207

Source: DEBIAN
Type: DSA-207
tetex-bin -- arbitrary command execution

Source: XF
Type: Vendor Advisory
dvips-system-execute-commands(10365)

Source: CCN
Type: US-CERT VU#169841
dvips uses system() function insecurely thereby allowing arbitrary command execution

Source: CERT-VN
Type: US Government Resource
VU#169841

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:070

Source: CCN
Type: Gentoo Linux Security Announcement 2002-10-18 22:00 UTC
Command execution vulnerability in dvips

Source: CCN
Type: Immunix Secured OS Security Advisory IMNX-2003-7+-016-01
tetex, psutils, w3c-libwww

Source: CCN
Type: OpenPKG-SA-2002.015
teTeX

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:194

Source: REDHAT
Type: UNKNOWN
RHSA-2002:195

Source: HP
Type: UNKNOWN
HPSBTL0210-073

Source: BID
Type: Patch, Vendor Advisory
5978

Source: CCN
Type: BID-5978
dvips Arbitrary Command Execution Vulnerability

Source: XF
Type: UNKNOWN
dvips-system-execute-commands(10365)

Vulnerable Configuration:

Configuration 1:

cpe:/o:hp:secure_os:1.0:*:linux:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*

OR cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:7.0:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:ia64:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:ia64:*:*:*:*:*

OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:8.0:*:i386:*:*:*:*:*

Configuration CCN 1:

cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:hp:secure_os:1.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:1.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:1.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:207	V	arbitrary command execution	2002-12-11