VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 31, 2001· Updated Apr 16, 2026

CVE-2001-1002

CVE-2001-1002

Description

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The default DVI print filter (dvips) in Red Hat Linux 7.0 allows remote attackers to execute arbitrary commands via a crafted DVI file.

Vulnerability

The dvips print filter in Red Hat Linux 7.0 and earlier runs without -R (secure) mode when executed by lpd, per the default configuration [1]. This allows a DVI file containing embedded system commands (e.g., via \special sequences) to be processed, potentially leading to command execution on the print server.

Exploitation

An attacker needs network access to the print service (lpd) and the ability to submit a crafted DVI file for printing. No authentication is required if the print server is exposed. The DVI file includes malicious \special directives that are passed to the shell by dvips.

Impact

Successful exploitation allows the attacker to execute arbitrary commands with the privileges of the dvips process, typically lp or root, depending on the configuration. This leads to full compromise of the print server and potential lateral movement.

Mitigation

Red Hat issued an advisory (RHSA-2001:102) that provides updated packages running dvips in secure mode by default [1]. Administrators should upgrade to the fixed version. If upgrading is not immediate, ensure that dvips is invoked with the -R flag in the print filter configuration.

References
  1. Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Red Hat/Linux3 versions
    cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
  • Red Hat/Red Hat Linuxllm-fuzzy
    Range: <=7.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.