Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 Oct 2018 10:10:58 +0100
From: Eddie Chapman <eddie@...k.net>
To: oss-security@...ts.openwall.com, Tavis Ormandy <taviso@...gle.com>
Subject: Re: ghostscript: bypassing executeonly to escape
 -dSAFER sandbox (CVE-2018-17961)

On 09/10/18 14:58, Tavis Ormandy wrote:
>  Because nautilus will automatically invoke
> evince-thumbnailer without any user-interaction, just browsing a website 
> is enough to trigger the vulnerability in some common configurations.

While the vulnerability in ghostscript itself is clear in this thread, 
does anyone have any more info on the above aspect of this? i.e is the 
above scenario (inadvertently running postscript, perhaps contained in 
an image, through ghostscript by just browsing a malicious site) limited 
to just nautilus in gnome environments? Do other browsers/environments 
handle this better or do they do similar? It seems that, strictly 
speaking, the "critical" nature of this vulnerability hinges on the 
behaviour of the browser/desktop environment. Otherwise the scope is 
limited to an individual manually downloading a postscript file and 
opening it outside of the browser.

Apologies if I'm missing anything obvious or if this has been covered 
elsewhere online.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.