Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2002-0836

Published: 28/10/2002 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Mandrakesoft

Vulnerability Summary

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote malicious users to execute arbitrary commands via certain print jobs, possibly involving fonts.

Vulnerable Product Search on Vulmon Subscribe to Product

mandrakesoft mandrake linux 8.0

mandrakesoft mandrake linux 8.1

redhat linux 6.2

redhat linux 7.1

redhat linux 7.2

hp secure os 1.0

mandrakesoft mandrake linux 7.2

mandrakesoft mandrake linux 8.2

redhat linux 7.0

redhat linux 8.0

mandrakesoft mandrake linux 9.0

redhat linux 7.3

Vendor Advisories

Debian Security Advisories: DSA-207-1 tetex-bin -- arbitrary command execution
The SuSE security team discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files If dvips is used in a print filter, this allows a local or remote attacker with print p ...

References

NVD-CWE-Otherhttp://www.redhat.com/support/errata/RHSA-2002-194.htmlhttp://www.securityfocus.com/bid/5978http://www.debian.org/security/2002/dsa-207http://www.iss.net/security_center/static/10365.phphttp://www.redhat.com/support/errata/RHSA-2002-195.htmlhttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.phphttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537http://www.securityfocus.com/advisories/4567http://www.kb.cert.org/vuls/id/169841http://marc.info/?l=bugtraq&m=103497852330838&w=2http://marc.info/?l=bugtraq&m=104005975415582&w=2https://nvd.nist.govhttps://www.debian.org/security/./dsa-207https://www.kb.cert.org/vuls/id/169841
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook