CVE-2000-1163
CVSS 4.6
Published: 2001-01-09 00:00:00
Last modified: 2008-09-05 16:22:48

[Original text] ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.


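[CNNVD] Aladdin Ghostscript Arbitrary Shared Library Usage Vulnerability (CNNVD-200101-057)

        ghostscript versions before 5.10-16 use an empty LD_RUN_PATH environment variable to find libraries in the current directory; a local user can execute arbitrary commands by placing a Trojan horse library in a directory from which another user executes ghostscript.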

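- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)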

cpe:/a:aladdin_enterprises:ghostscript:4.3
cpe:/a:aladdin_enterprises:ghostscript:5.50
cpe:/a:aladdin_enterprises:ghostscript:5.10.10
cpe:/a:aladdin_enterprises:ghostscript:5.10cl
cpe:/a:aladdin_enterprises:ghostscript:5.10.15

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1163
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1163
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200101-057
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/1991
(VENDOR_ADVISORY)  BID  1991
http://www.debian.org/security/2000/20001123
(VENDOR_ADVISORY)  DEBIAN  20001123 ghostscript: symlink attack
http://xforce.iss.net/static/5564.php
(UNKNOWN)  XF  ghostscript-env-variable
http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
(UNKNOWN)  MANDRAKE  MDKSA-2000:074
http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
(UNKNOWN)  CALDERA  CSSA-2000-041
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
(UNKNOWN)  CONECTIVA  CLSA-2000:343

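- Vulnerability information

Aladdin Ghostscript Arbitrary Shared Library Usage Vulnerability
Medium risk  Design error
2001-01-09 00:00:00 2005-05-02 00:00:00
Local
        ghostscript versions before 5.10-16 use an empty LD_RUN_PATH environment variable to find libraries in the current directory; a local user can execute arbitrary commands by placing a Trojan horse library in a directory from which another user executes ghostscript.

- Advisories and patches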

        Several Linux vendors, including Caldera, Debian, Mandrake, and Red Hat, have released new versions of the Ghostscript package to address this vulnerability.
        Aladdin Enterprises Ghostscript 4.3
        
        Aladdin Enterprises Ghostscript 5.10 cl
        
        Aladdin Enterprises Ghostscript 5.10.10
        
        Aladdin Enterprises Ghostscript 5.50
        

- Vulnerability information

1662
Aladdin Ghostscript LD_RUN_PATH Variable Arbitrary Library Injection

- Vulnerability description

Unknown or Incomplete

- Timeline

2000-11-22 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Aladdin Ghostscript Arbitrary Shared Library Usage Vulnerability
Design Error 1991
No Yes
2000-11-22 12:00:00 2007-07-06 05:07:00
Several Linux vendors have released advisories which address this vulnerability, including Caldera, Debian, Mandrake and Red Hat.

- Affected program versions

Aladdin Enterprises Ghostscript 5.50
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 J i386
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Aladdin Enterprises Ghostscript 5.10.15
+ Caldera OpenLinux Desktop 2.3
+ Caldera OpenLinux eBuilder 3.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
Aladdin Enterprises Ghostscript 5.10.10
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
Aladdin Enterprises Ghostscript 5.10 cl
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
Aladdin Enterprises Ghostscript 4.3
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha

- Unaffected program versions

Aladdin Enterprises Ghostscript 5.50.8
Aladdin Enterprises Ghostscript 5.10.16
Aladdin Enterprises Ghostscript 5.10.12 cl
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
Aladdin Enterprises Ghostscript 5.10.10 -1
Aladdin Enterprises Ghostscript 4.3.2

- Vulnerability discussion

A vulnerability occurs in certain versions of Aladdin Ghostscript, a multiplatform PostScript interpreter.

Improper use of the LD_RUN_PATH environment variable can cause the program to load shared libraries found in the current directory.

An attacker with a malicious shared library could exploit this to execute hostile code on the affected host, potentially elevating their privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

- Solution

Several Linux vendors, including Caldera, Debian, Mandrake, and Red Hat, have released new versions of the Ghostscript package to address this vulnerability.


Aladdin Enterprises Ghostscript 4.3

Aladdin Enterprises Ghostscript 5.10 cl

Aladdin Enterprises Ghostscript 5.10.10

Aladdin Enterprises Ghostscript 5.50

- Related references
