|
Family: Gain root remotely --> Category: attack
lpd, dvips and remote command execution Vulnerability Scan
Vulnerability Scan Summary Executes 'ping' on the remote host
Detailed Explanation for this Vulnerability Test
The remote lpd server calls dvips in insecure mode.
A possible hacker may use this flaw to execute arbitrary
commands remotely on this host.
Solution : edit the file
/usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi
and change the linethat specifies how 'dvips' is
to be executed from :
dvips -f $DVIPS_OPTIONS < $TMP_FILE
to
dvips -R -f $DVIPS_OPTIONS < $TMP_FILE
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|