CVE-2002-0836 Information

Description

dvips converter for Postscript files in the tetex package calls the system() function insecurely which allows remote attackers to execute arbitrary commands via certain print jobs possibly involving fonts.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537 http://marc.info/?l=bugtraq&m=103497852330838&w=2 http://marc.info/?l=bugtraq&m=104005975415582&w=2 http://www.debian.org/security/2002/dsa-207 http://www.iss.net/security_center/static/10365.php http://www.kb.cert.org/vuls/id/169841 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php http://www.redhat.com/support/errata/RHSA-2002-194.html http://www.redhat.com/support/errata/RHSA-2002-195.html http://www.securityfocus.com/advisories/4567 http://www.securityfocus.com/bid/5978