Date: Sat, 29 Apr 2017 19:24:09 +0800
From: redrain root <rootredrain@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-8291 ghostscript remote code execution

nope~

I know this issue is a type confusion similar to your initialized dsc parser, for example:

The last previous vulnerability code exists in zinitialize_dsc_parser(). The method gets the memory data using dict_memory() and treats it as an object to call its gs_alloc_struct() method.

In the Evince code execution demo, it uses ghostscript (libgs.so) as the .ps file processor, and the other demo, attacking imagick, is the shell command injection vuln.

And CVE-2017-8291 is a part of my exploit last year; it also affects some programs that use ghostscript. That's why I use Evince as the example.

Regards,
redrain

2017-04-29 13:36 GMT+08:00 Tavis Ormandy <taviso@...gle.com>:
> On Fri, Apr 28, 2017 at 7:43 PM, redrain root <rootredrain@...il.com> wrote:
> >
> > what an awkward??
> > I have discovered a part of my vulns about ghostscript last year and
> > exploited in fulldisclosure early!
> > and these vulns are part of mine I was going to discover these in defcon
> > or other conference...WTF...
> > u guys are logo designer???
> >
> > there are two demos last year
> > Evince Arbitrary Code Execution https://youtu.be/wzcrHXngfcM
> > Attack Imagick through Ghostscript https://youtu.be/tPGm_ANDyOw
> >
>
> I don't think so, that is CVE-2016-7976 and is entirely unrelated to
> the issue being discussed, other than superficial similarity of the
> exploit.
>
> That issue was reported by me, and we discussed the ImageMagick and
> evince attack vectors at the time, you can check the archives if
> you're interested.
>
> http://seclists.org/oss-sec/2016/q4/29
>
> This issue (CVE-2017-8291) is a type confusion vulnerability (well,
> technically two vulnerabilities), and was found in the wild.
>
> Tavis.
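The thread above describes the bug class in both CVEs as type confusion: an operator reads a PostScript operand's payload as if it were a dictionary (so that dict_memory() and then gs_alloc_struct() operate on it) without first checking what kind of object the operand actually is. The following added example, which is not code from this thread or from Ghostscript, shows the pattern in miniature with a constructed tagged object type: the unchecked accessor lets an integer operand's bits become a pointer the allocation path would trust, while the checked accessor rejects any operand whose type tag is not a dictionary. The `ref`, `dict` and `allocator` types and every function name here are simplified assumptions for illustration, not Ghostscript's real definitions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, deliberately simplified object model to illustrate the
 * type-confusion pattern; these are NOT Ghostscript's real ref/dict types. */
typedef enum { T_INTEGER, T_DICT } obj_type;

typedef struct { const char *name; } allocator;
typedef struct { allocator *memory; } dict;

typedef struct {
    obj_type type;
    union {
        int64_t intval;   /* payload when type == T_INTEGER */
        dict   *pdict;    /* payload when type == T_DICT    */
    } value;
} ref;

/* Vulnerable pattern: the operator assumes its operand is a dictionary and
 * reads the payload as a dict pointer without consulting the type tag.
 * If the operand is really an integer, the integer's bits are handed on as
 * a pointer that later code (an allocation routine, say) would dereference. */
static dict *dict_of_unchecked(const ref *r) {
    return r->value.pdict;
}

/* Hardened pattern: validate the tag before interpreting the payload.
 * Returns 0 and sets *out on success, -1 (type error) on any other operand. */
static int dict_memory_checked(const ref *r, allocator **out) {
    if (r->type != T_DICT || r->value.pdict == NULL)
        return -1;
    *out = r->value.pdict->memory;
    return 0;
}

/* What the unchecked code would treat as a dict pointer when handed an
 * integer operand: the operand's own value, verbatim (no dereference here). */
uintptr_t confused_pointer_value(void) {
    ref r = { T_INTEGER, { .intval = 0x41414141 } };
    return (uintptr_t)dict_of_unchecked(&r);
}

/* The checked accessor rejects the same integer operand with a type error. */
int checked_rejects_integer(void) {
    ref r = { T_INTEGER, { .intval = 0x41414141 } };
    allocator *mem = NULL;
    return dict_memory_checked(&r, &mem);
}

/* The checked accessor still works for a genuine dictionary operand. */
const char *checked_accepts_dict(void) {
    allocator global = { "global-allocator" };
    dict d = { &global };
    ref r = { T_DICT, { .pdict = &d } };
    allocator *mem = NULL;
    if (dict_memory_checked(&r, &mem) != 0)
        return NULL;
    return mem->name;   /* points at a string literal, so safe to return */
}

int main(void) {
    printf("unchecked accessor yields pointer 0x%llx from an integer operand\n",
           (unsigned long long)confused_pointer_value());
    printf("checked accessor on integer operand: %d (type error)\n",
           checked_rejects_integer());
    printf("checked accessor on dict operand: %s\n", checked_accepts_dict());
    return 0;
}
```

The fix is the same shape whichever operator is affected: every operand read off the operand stack must be tested against its type tag before its payload is interpreted, and a mismatch must surface as a typecheck error rather than a pointer.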