Bugtraq mailing list archives

Re: LPRng/rhs-printfilters - remote execution of commands

From: Matt Bing <mbing () nfr net>
Date: Mon, 27 Aug 2001 16:54:35 -0400

RedHat 7.0 (possibly others)


Redhat 7.1 is not vulnerable. If tetex-dvips is installed, the filter
/usr/share/printconf/mf_rules/mf40-tetex_filters contains the '-R' 
switch:

#
# tetex filters
#

/dvi/  fpipe/postscript/       /usr/bin/dvips -t PAGEsize ifdef(`XDPI',-X XDPI -Y YDPI, ifdef(`DPI',-D DPI,-D 600)) -R 
-q -f $FILE

-- 
Matt Bing
NFR Security
Rapid Response Team

Current thread:

LPRng/rhs-printfilters - remote execution of commands zen-parse (Aug 27)
- <Possible follow-ups>
- Re: LPRng/rhs-printfilters - remote execution of commands Matt Bing (Aug 27)