
Security: Arbitrary command execution in ghostscript
Name: Arbitrary command execution in ghostscript
ID: CSSA-2002-026.0
Distribution: Caldera
Platforms: Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1
Date: Wed, 12 June 2002, 13:00
References: Not specified
Applications: AFPL Ghostscript

Original message


To: bugtraq@securityfocus.com announce@lists.caldera.com
security-alerts@linuxsecurity.com


______________________________________________________________________________

Caldera International, Inc. Security Advisory

Subject: Linux: ghostscript arbitrary command execution
Advisory number: CSSA-2002-026.0
Issue date: 2002 June 11
Cross reference:
______________________________________________________________________________


1. Problem Description

An untrusted PostScript file that uses .locksafe or .setsafe to
reset the current page device can force the ghostscript program
to execute arbitrary commands.


2. Vulnerable Supported Versions

System                          Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server          prior to ghostscript-6.51-10.i386.rpm
                                prior to ghostscript-doc-6.51-10.i386.rpm
                                prior to ghostscript-fonts-6.51-10.i386.rpm
                                prior to ghostscript-fonts-cid-6.51-10.i386.rpm

OpenLinux 3.1.1 Workstation     prior to ghostscript-6.51-10.i386.rpm
                                prior to ghostscript-doc-6.51-10.i386.rpm
                                prior to ghostscript-fonts-6.51-10.i386.rpm
                                prior to ghostscript-fonts-cid-6.51-10.i386.rpm

OpenLinux 3.1 Server            prior to ghostscript-6.51-10.i386.rpm
                                prior to ghostscript-doc-6.51-10.i386.rpm
                                prior to ghostscript-fonts-6.51-10.i386.rpm
                                prior to ghostscript-fonts-cid-6.51-10.i386.rpm

OpenLinux 3.1 Workstation       prior to ghostscript-6.51-10.i386.rpm
                                prior to ghostscript-doc-6.51-10.i386.rpm
                                prior to ghostscript-fonts-6.51-10.i386.rpm
                                prior to ghostscript-fonts-cid-6.51-10.i386.rpm


3. Solution

The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

cfabdbccacd4de0268ce15d1dd6a0408 ghostscript-6.51-10.i386.rpm
f9bb38edc64d718f8b943d395de7c75a ghostscript-doc-6.51-10.i386.rpm
70a913d9427ce45367710498bab8e065 ghostscript-fonts-6.51-10.i386.rpm
9e2f736b44b9bfa60e51c24847637d48 ghostscript-fonts-cid-6.51-10.i386.rpm

4.3 Installation

rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

4.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

dba70bda415835cca29139d565936b3f ghostscript-6.51-10.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

5.2 Packages

f8a0bf41a7dd801f6f98d50134143fbd ghostscript-6.51-10.i386.rpm
a2d8fbd76bc080146b1a1a964a218850 ghostscript-doc-6.51-10.i386.rpm
bccaab1b0a9005ea7d36173e296b444e ghostscript-fonts-6.51-10.i386.rpm
dadf94bb7c6091cfb32d650a61e8864d ghostscript-fonts-cid-6.51-10.i386.rpm

5.3 Installation

rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

5.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

5.5 Source Packages

38ebafe42e38f5eae8207c4f52bbb90d ghostscript-6.51-10.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

6.2 Packages

12aa5320c2331010736ce36a9fc1ef3d ghostscript-6.51-10.i386.rpm
1a40569d1a9598df507faae191e68c48 ghostscript-doc-6.51-10.i386.rpm
f44b0f45f4864d2b357b02642c4cd249 ghostscript-fonts-6.51-10.i386.rpm
e28affd61ec6bdc19e136c1355307e90 ghostscript-fonts-cid-6.51-10.i386.rpm

6.3 Installation

rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

6.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

6.5 Source Packages

2e7ba1c536a23823a9c8072d793258af ghostscript-6.51-10.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

7.2 Packages

53145cdba14975c68766ba720977c5cc ghostscript-6.51-10.i386.rpm
d9712806f0f65fba2d806dcc17bd02f6 ghostscript-doc-6.51-10.i386.rpm
bbe1c3eea2309a42507c3e0cdab49cf0 ghostscript-fonts-6.51-10.i386.rpm
4eae26e3e44aa27c0c32df3be32bf622 ghostscript-fonts-cid-6.51-10.i386.rpm

7.3 Installation

rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

7.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

7.5 Source Packages

a51ce17775efda0a93f8cf82781f50c5 ghostscript-6.51-10.src.rpm


8. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363
http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
http://www.redhat.com/support/errata/RHSA-2002-083.html

Caldera security resources:
http://www.caldera.com/support/security

This security fix closes Caldera incidents sr865431, fz521132,
erg712067.


9. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.

______________________________________________________________________________
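
Added example (not part of the Caldera advisory or Caldera's tooling): the Packages lists above give a different MD5 for the same file name on each platform, so a download from the wrong directory fails the check. The script below verifies a directory of downloaded RPMs against one platform's list before rpm -Fvh is run; the function name verify_packages, the manifest file name packages.md5 and the use of md5sum are assumptions.

```shell
#!/bin/sh
# Added example, not Caldera's tooling. Assumes md5sum (GNU coreutils).
# Manifest lines use the advisory's layout: <32 hex digit MD5> <file name>
# MD5 here catches truncated or wrong-platform downloads; it does not
# prove who published the file.

# verify_packages MANIFEST DIR
# Returns 0 only if every listed file exists in DIR and its MD5 matches.
verify_packages() {
    manifest=$1
    dir=$2
    status=0
    seen=0
    while read -r want name rest || [ -n "$want" ]; do
        # Skip blank lines and comments.
        case $want in ''|'#'*) continue ;; esac
        # An entry must be exactly: 32 hex digits, one bare file name.
        if [ -n "$rest" ] ||
           ! printf '%s\n' "$want" | grep -Eq '^[0-9a-fA-F]{32}$'; then
            echo "MALFORMED: $want $name" >&2; status=1; continue
        fi
        # Refuse names that could point outside DIR.
        case $name in
            ''|*/*) echo "BAD NAME:  $name" >&2; status=1; continue ;;
        esac
        seen=$((seen + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING:   $name" >&2; status=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK:        $name"
        else
            echo "MISMATCH:  $name" >&2; status=1
        fi
    done < "$manifest"
    # An empty manifest verifies nothing, so treat it as failure.
    [ "$seen" -gt 0 ] || status=1
    return "$status"
}

# Usage: save the "Packages" list for your platform as packages.md5, then
#   verify_packages packages.md5 . && rpm -Fvh ghostscript-*.rpm
```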
