Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1002 — Redhat Linux vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

4.7%

top 10.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Linux

Timeline

PublishedAug 31

Latest updateApr 30

Description

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/linux6.2, 7.0, 7.1+2

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-28fj-h7cm-23g6: The default configuration of the DVI print filter (dvips) in Red Hat Linux 7↗2022-04-30

▶

CVEList

CVE-2001-1002: The default configuration of the DVI print filter (dvips) in Red Hat Linux 7↗2002-06-25

▶

💥Exploits & PoCs

Exploit-DB

RedHat 6.2/7.0/7.1 Lpd - Remote Command Execution via DVI Printfilter Configuration Error↗2001-08-27

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-08-27

▶

💬Community

Bugzilla

CVE-2001-1002 security flaw↗2018-08-16

▶