oss-security - Re: CVE request: ghostscript and gv

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 1 Jun 2010 14:41:41 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: ghostscript and gv

Please use CVE-2010-2055 for this.

Thanks.

-- 
    JB


----- "Ludwig Nussel" <ludwig.nussel@...e.de> wrote:

> Hi,
> 
> ghostscript executes initialization files relative to the current
> directory. Unfortunately the -dSAFER option has no effect on those
> files. So when viewing a file e.g. in /tmp a local attacker could
> have the victim execute arbitrary postscript programs.
> Upstream suggested to use -P- in addition to -dSAFER. That however
> would mean every program using gs to render postscript has to be
> checked. So fixing ghostscripts default behavior might be easier for
> distributions.
> http://bugs.ghostscript.com/show_bug.cgi?id=691339
> http://www.securityfocus.com/archive/1/511433
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
> https://bugzilla.novell.com/show_bug.cgi?id=608071
> 
> In the Debian bug report Paul also mentiones that gv creates a
> temporary file in an insecure way:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10
> 
> cu
> Ludwig
> 
> -- 
>  (o_   Ludwig Nussel
>  //\   
>  V_/_  http://www.suse.de/
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.