OSVDB ID: 11069

Title: Ghostscript Multiple Scripts Symlink Arbitrary File Overwrite

Dates

Disclosure: Sep 30, 2004
Discovery: Unknown
Exploit: Sep 30, 2004
Solution: Unknown

Description

Ghostscript contains a flaw that may allow a malicious local user to overwrite arbitrary files. The issue is due to multiple scripts creating temporary files with predictable names in world-writable directories. A symlink attack against these files may allow arbitrary files to be overwritten, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Gentoo Foundation, Inc.

ESP Ghostscript

7.07.1-r7
7.05.6-r1
7.05.6-r2
7.05.6
7.07.1-r6
7.07.1-r5
7.07.1-r4
7.07.1-r3
7.07.1-r2
7.07.1-r1
7.07.1
7.05.6-r4
7.05.6-r3
7.05.5x
7.05.3x
7.05-r2
7.05-r1
7.05
6.5x

Comodo Trustix

ESP Ghostscript

7.05.6-7tr
7.05.6-6tr
7.05.6-5em
7.05.6-4ct
7.05.6-3gd
7.05.6-2gd
7.05.6-1gd
7.07.1-1tr
7.07.1-2tr
7.07.1-3tr
7.07.1-4tr

August Daniel Coby

Ghostscript

8.50
8.01

References

Credit

  • Javier Fernandez-Sanguino Pena


Direct URL: http://osvdb.org/36218