This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated packages for dvips are available which fix a vulnerability
allowing print users to execute arbitrary commands.
[Updated 13 Aug 2003] Added tetex-doc package that was originally left
out of the errata.
The dvips utility converts DVI format into PostScript(TM), and is used
in Red Hat Linux as a print filter for printing DVI files. A
vulnerability has been found in dvips which uses the system() function
insecurely when managing fonts.
Since dvips is used in a print filter, this allows local or remote
attackers who have print access to carefully craft a print job that
allows them to execute arbitrary code as the user 'lp'.
A work around for this vulnerability is to remove the print filter for
DVI files. The following commands, run as root, will accomplish this :
rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters rm -f
However, to fix the problem in the dvips utility as well as remove the
print filter we recommend that all users upgrade to the these packages
contained within this erratum which contain a patch for this issue.
This vulnerability was discovered by Olaf Kirch of SuSE.
Additionally, the file /var/lib/texmf/ls-R had world-writable
This issue is also fixed by the packages contained within this
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12324 ()
CVE ID: CVE-2002-0836