CVE-2001-1002 : The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

Published 2001-08-31 04:00:00

Updated 2017-10-10 01:29:58

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2001-1002

Probability of exploitation activity in the next 30 days: 2.72%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2001-1002

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2001-1002

https://exchange.xforce.ibmcloud.com/vulnerabilities/16509
http://marc.info/?l=bugtraq&m=99892644616749&w=2
http://www.redhat.com/support/errata/RHSA-2001-102.html

Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/3241

Patch;Vendor Advisory

Products affected by CVE-2001-1002

Redhat » Linux » Version: 6.2
cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 7.0
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 7.1
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2001-1002

Exploit prediction scoring system (EPSS) score for CVE-2001-1002

CVSS scores for CVE-2001-1002

References for CVE-2001-1002

Products affected by CVE-2001-1002