[22436] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: LPRng/rhs-printfilters - remote execution of commands

daemon@ATHENA.MIT.EDU (Matt Bing)
Mon Aug 27 17:34:19 2001

Date: Mon, 27 Aug 2001 16:54:35 -0400
From: Matt Bing <mbing@nfr.net>
To: bugtraq@securityfocus.com
Message-ID: <20010827165434.A23344@karloff.bing.nfr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

> RedHat 7.0 (possibly others)

Redhat 7.1 is not vulnerable. If tetex-dvips is installed, the filter
/usr/share/printconf/mf_rules/mf40-tetex_filters contains the '-R' 
switch:

#
# tetex filters
#

/dvi/  fpipe/postscript/       /usr/bin/dvips -t PAGEsize ifdef(`XDPI',-X XDPI -Y YDPI, ifdef(`DPI',-D DPI,-D 600)) -R -q -f $FILE

-- 
Matt Bing
NFR Security
Rapid Response Team


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[22436] in bugtraq

Re: LPRng/rhs-printfilters - remote execution of commands

daemon@ATHENA.MIT.EDU (Matt Bing)Mon Aug 27 17:34:19 2001

daemon@ATHENA.MIT.EDU (Matt Bing)
Mon Aug 27 17:34:19 2001