Description
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by zenith parsec · textremotelinux
https://www.exploit-db.com/exploits/21095
References (4)
Core 4
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3241
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16509
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99892644616749&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2001-102.html
Scores
EPSS
0.0472
EPSS Percentile
89.4%
Details
Status
published
Products (3)
redhat/linux
6.2
redhat/linux
7.0
redhat/linux
7.1
Published
Aug 31, 2001
Tracked Since
Feb 18, 2026