Bugtraq mailing list archives
Re: LPRng/rhs-printfilters - remote execution of commands
From: Matt Bing <mbing () nfr net>
Date: Mon, 27 Aug 2001 16:54:35 -0400
RedHat 7.0 (possibly others)
Redhat 7.1 is not vulnerable. If tetex-dvips is installed, the filter /usr/share/printconf/mf_rules/mf40-tetex_filters contains the '-R' switch: # # tetex filters # /dvi/ fpipe/postscript/ /usr/bin/dvips -t PAGEsize ifdef(`XDPI',-X XDPI -Y YDPI, ifdef(`DPI',-D DPI,-D 600)) -R -q -f $FILE -- Matt Bing NFR Security Rapid Response Team
Current thread:
- LPRng/rhs-printfilters - remote execution of commands zen-parse (Aug 27)
- <Possible follow-ups>
- Re: LPRng/rhs-printfilters - remote execution of commands Matt Bing (Aug 27)