CVE-2001-1002

critical

Description

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16509

http://www.securityfocus.com/bid/3241

http://www.redhat.com/support/errata/RHSA-2001-102.html

http://marc.info/?l=bugtraq&m=99892644616749&w=2

Details

Source: Mitre, NVD

Published: 2001-08-31

Updated: 2017-10-10

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical