Date: Tue, 11 May 2010 20:33:01 -0400
From: Dan Rosenberg <dan.j.rosenberg@...il.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE assignment: ghostscript stack-based overflow

CVE request for the second issue described in this advisory, just published:

http://seclists.org/fulldisclosure/2010/May/134

quote:

GhostScript (all tested versions) fails to properly handle infinitely
recursive procedure invocations.  By providing a PostScript file with a
sequence such as:

/A{pop 0 A 0} bind def
/product A 0

the interpreter's internal stack will be overflowed with recursive calls, at
which point execution will jump to an attacker-controlled address.  This
vulnerability can be exploited by enticing a user to open a maliciously crafted
PostScript file, achieving arbitrary code execution.  This issue has not yet
been assigned a CVE identifier.

Thanks,
Dan

On Tue, May 11, 2010 at 7:24 PM, Steven M. Christey
<coley@...us.mitre.org> wrote:
>
> FYI.  The researcher told me that some distros were notified pre-disclosure,
> but I had already assigned this CVE when I found out.
>
>
> ======================================================
> Name: CVE-2010-1869
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1869
> Reference:
> MISC:http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html
>
> Stack-based buffer overflow in the parser function in GhostScript 8.70
> and 8.64 allows context-dependent attackers to execute arbitrary code
> via a crafted PostScript file.
>
>
>
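
A triage check for the pattern quoted from the advisory, added here as an example (not code from the post, the advisory, or Ghostscript): it lists procedures in a PostScript file that can reach themselves through calls, generalised from the direct self-call in the quoted sequence to mutual recursion. The function names and the simplified tokenizer (no nested parentheses in strings, no dynamically built names) are assumptions of this sketch.

```python
import re

# Simplified PostScript tokenizer (assumption: no nested parentheses in strings).
TOKEN = re.compile(r"%[^\n]*|\((?:\\.|[^\\()])*\)|[{}]|/?[^\s{}()\[\]<>/%]+")

def procedures(ps_text):
    """Map each `/name { ... } [bind] def` to the executable names in its body."""
    toks = [t for t in TOKEN.findall(ps_text) if t[0] not in "%("]  # drop comments, strings
    procs = {}
    for i in range(len(toks) - 1):
        if not (toks[i].startswith("/") and toks[i + 1] == "{"):
            continue
        depth, j = 1, i + 2
        while j < len(toks) and depth:          # walk to the matching "}"
            depth += {"{": 1, "}": -1}.get(toks[j], 0)
            j += 1
        tail = toks[j:j + 2]
        if depth == 0 and (tail[:1] == ["def"] or tail == ["bind", "def"]):
            body = toks[i + 2:j - 1]
            procs[toks[i][1:]] = {t for t in body
                                  if t not in ("{", "}") and not t.startswith("/")}
    return procs

def recursive_procedures(ps_text):
    """Names of procedures that can reach themselves via procedures defined in the file."""
    procs = procedures(ps_text)
    graph = {name: calls & set(procs) for name, calls in procs.items()}
    hits = []
    for start in graph:
        seen, stack = set(), list(graph[start])
        while stack:                            # depth-first search for a cycle back to start
            name = stack.pop()
            if name == start:
                hits.append(start)
                break
            if name not in seen:
                seen.add(name)
                stack.extend(graph[name])
    return sorted(hits)

# The sequence quoted in the advisory, plus two constructed samples.
ADVISORY_SEQUENCE = "/A{pop 0 A 0} bind def\n/product A 0\n"
BENIGN = ("/inch {72 mul} def\n/box {newpath moveto (box calls box) show} bind def % box\n"
          "/page {1 inch 2 inch box} def\n")
MUTUAL = "/ping {1 pong} def\n/pong {ping 2} bind def\n"

if __name__ == "__main__":
    for label, sample in [("advisory", ADVISORY_SEQUENCE), ("benign", BENIGN), ("mutual", MUTUAL)]:
        print(label, recursive_procedures(sample))
```

Recursion with a terminating condition is legitimate PostScript, so a hit marks a file for closer inspection or sandboxed rendering rather than proving it malicious.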
