CVE-2002-0836

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2002-0836
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
http://marc.info/?l=bugtraq&m=103497852330838&w=2
http://marc.info/?l=bugtraq&m=104005975415582&w=2
http://www.debian.org/security/2002/dsa-207 Patch Vendor Advisory
http://www.iss.net/security_center/static/10365.php Vendor Advisory
http://www.kb.cert.org/vuls/id/169841 US Government Resource
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
http://www.redhat.com/support/errata/RHSA-2002-194.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-195.html
http://www.securityfocus.com/advisories/4567
http://www.securityfocus.com/bid/5978 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*
History

No history.

Information

Published : 2002-10-28 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-0836

Mitre link : CVE-2002-0836

CVE.ORG link : CVE-2002-0836

JSON object : View

Products Affected

redhat

  • linux

mandrakesoft

  • mandrake_linux

hp

  • secure_os
CWE
NVD-CWE-Other