CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
86.3%
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
Vendor | Product | Version | CPE |
---|---|---|---|
hp | secure_os | 1.0 | cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:* |
mandrakesoft | mandrake_linux | 7.2 | cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:* |
mandrakesoft | mandrake_linux | 8.0 | cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:* |
mandrakesoft | mandrake_linux | 8.0 | cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:* |
mandrakesoft | mandrake_linux | 8.1 | cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:* |
mandrakesoft | mandrake_linux | 8.1 | cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:* |
mandrakesoft | mandrake_linux | 8.2 | cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:* |
mandrakesoft | mandrake_linux | 8.2 | cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:* |
mandrakesoft | mandrake_linux | 9.0 | cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:* |
redhat | linux | 6.2 | cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:* |
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
marc.info/?l=bugtraq&m=103497852330838&w=2
marc.info/?l=bugtraq&m=104005975415582&w=2
www.debian.org/security/2002/dsa-207
www.iss.net/security_center/static/10365.php
www.kb.cert.org/vuls/id/169841
www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
www.redhat.com/support/errata/RHSA-2002-194.html
www.redhat.com/support/errata/RHSA-2002-195.html
www.securityfocus.com/advisories/4567
www.securityfocus.com/bid/5978