CVE-2002-0836 — HP Secure OS vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

14.1%

top 5.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Secure OS Mandrakesoft Mandrake Linux Redhat Linux

Timeline

PublishedOct 28

Latest updateApr 30

Description

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDhp/secure_os1.0

▶NVDredhat/linux6 versions+5

▶NVDmandrakesoft/mandrake_linux5 versions+4

Patches

Patch: www.debian.org ↗Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-62pv-x8q7-86rc: dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary c↗2022-04-30

▶

CVEList

CVE-2002-0836: dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary c↗2004-09-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-10-14

▶

💬Community

Bugzilla

CVE-2002-0836 security flaw↗2018-08-16

▶