CVE-2003-0354
CVSS 7.5
Published: 2003-06-16 00:00:00
Revised: 2016-10-17 22:32:59

[Original] Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.


[CNNVD] GhostScript Arbitrary Command Execution Vulnerability (CNNVD-200306-109)

        
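        GNU Ghostscript is a PostScript language interpreter, often used when printing to printers that have no built-in PostScript interpreter.
        Ghostscript has a flaw in its handling of malformed PS files. A remote or local attacker can exploit it by crafting a malicious PS file and enticing a user to open it, which may execute arbitrary commands on the system with the privileges of the user's process.
        Ghostscript versions before 7.07 are vulnerable even when the -dSAFER option is used, allowing a malicious PS file to execute arbitrary commands. On Red Hat, using the -dPARANOIDSAFER option avoids this vulnerability, so malicious print jobs cannot be used to exploit it on Red Hat Linux.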
        

- CVSS (Base Score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:redhat:linux:9.0::i386
cpe:/o:redhat:linux:7.1 Red Hat Linux 7.1
cpe:/o:redhat:linux:8.0 Red Hat Linux 8.0
cpe:/o:redhat:linux:7.2 Red Hat Linux 7.2
cpe:/o:redhat:linux:7.3 Red Hat Linux 7.3

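- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:133 GNU Ghostscript -dSAFER Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical detail on detection is available in the relevant OVAL definition.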

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0354
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0354
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-109
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=105465818929172&w=2
(UNKNOWN)  BUGTRAQ  20030603 [OpenPKG-SA-2003.030] OpenPKG Security Advisory (ghostscript)
http://www.mandriva.com/security/advisories?name=MDKSA-2003:065
(UNKNOWN)  MANDRAKE  MDKSA-2003:065
http://www.redhat.com/support/errata/RHSA-2003-181.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:181
http://www.redhat.com/support/errata/RHSA-2003-182.html
(UNKNOWN)  REDHAT  RHSA-2003:182

- Vulnerability Information

GhostScript Arbitrary Command Execution Vulnerability
High risk Other
2003-06-16 00:00:00 2005-10-20 00:00:00
Remote
        
        

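- Advisories and Patches

        Vendor patches:
        Aladdin Enterprises
        -------------------
        The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page: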
        Aladdin Enterprises Upgrade ghostscript-7.07.tar.gz
        
        http://prdownloads.sourceforge.net/ghostscript/ghostscript-7.07.tar.gz?download

        RedHat
        ------
        Red Hat has released a security advisory (RHSA-2003:181-01) and corresponding patches for this issue:
        RHSA-2003:181-01: Updated ghostscript packages fix vulnerability
        Link: https://www.redhat.com/support/errata/RHSA-2003-181.html
        Patch downloads for Red Hat Linux:
        Red Hat Linux 7.1:
        SRPMS:
        ftp://updates.redhat.com/7.1/en/os/SRPMS/ghostscript-6.51-16.1.7x.1.src.rpm
        i386:
        ftp://updates.redhat.com/7.1/en/os/i386/ghostscript-6.51-16.1.7x.1.i386.rpm
        Red Hat Linux 7.2:
        SRPMS:
        ftp://updates.redhat.com/7.2/en/os/SRPMS/ghostscript-6.51-16.3.src.rpm
        i386:
        ftp://updates.redhat.com/7.2/en/os/i386/ghostscript-6.51-16.3.i386.rpm
        ia64:
        ftp://updates.redhat.com/7.2/en/os/ia64/ghostscript-6.51-16.3.ia64.rpm
        Red Hat Linux 7.3:
        SRPMS:
        ftp://updates.redhat.com/7.3/en/os/SRPMS/ghostscript-6.52-9.5.src.rpm
        i386:
        ftp://updates.redhat.com/7.3/en/os/i386/ghostscript-6.52-9.5.i386.rpm
        Red Hat Linux 8.0:
        SRPMS:
        ftp://updates.redhat.com/8.0/en/os/SRPMS/ghostscript-7.05-20.1.src.rpm
        i386:
        ftp://updates.redhat.com/8.0/en/os/i386/ghostscript-7.05-20.1.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/ghostscript-devel-7.05-20.1.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/ghostscript-gtk-7.05-20.1.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/hpijs-1.1-20.1.i386.rpm
        Red Hat Linux 9:
        SRPMS:
        ftp://updates.redhat.com/9/en/os/SRPMS/ghostscript-7.05-32.1.src.rpm
        i386:
        ftp://updates.redhat.com/9/en/os/i386/ghostscript-7.05-32.1.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/ghostscript-devel-7.05-32.1.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/hpijs-1.3-32.1.i386.rpm
        Package checksums (MD5):

- Vulnerability Information

4676
GNU Ghostscript -dSAFER %pipe% Flaw Arbitrary Command Execution
Local Access Required, Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability Description

When the -dSAFER option is in use, Ghostscript should not open piped commands (i.e. %pipe%cmd). This is not the case due to improper handling of the %pipe% I/O device. An attacker could trick a user into opening a specially crafted PostScript file to exploit this vulnerability, resulting in arbitrary code execution with the user's privileges on the local system.

- Timeline

2003-05-17 2003-05-17
Unknown Unknown

- Solution

Upgrade to Ghostscript version 7.07 or higher, as it has been reported to fix this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GhostScript Arbitrary Command Execution Vulnerability
Failure to Handle Exceptional Conditions 7757
Yes No
2003-05-17 12:00:00 2009-07-11 10:06:00
This vulnerability was reported by the vendor.

- Affected Software Versions

SGI ProPack 2.3
SGI ProPack 2.2.1
Aladdin Enterprises Ghostscript 7.06
Aladdin Enterprises Ghostscript 7.05
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
Aladdin Enterprises Ghostscript 7.04
+ OpenPKG OpenPKG 1.1
Aladdin Enterprises Ghostscript 6.53
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Aladdin Enterprises Ghostscript 6.52
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Aladdin Enterprises Ghostscript 6.51
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Sun Linux 5.0.5
Aladdin Enterprises Ghostscript 5.50.8
Aladdin Enterprises Ghostscript 5.50
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 J i386
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Aladdin Enterprises Ghostscript 5.10.16
Aladdin Enterprises Ghostscript 5.10.15
+ Caldera OpenLinux Desktop 2.3
+ Caldera OpenLinux eBuilder 3.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
Aladdin Enterprises Ghostscript 5.10.10
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0

- Unaffected Software Versions

Aladdin Enterprises Ghostscript 7.07

- Discussion

A problem with Ghostscript could make it possible to execute arbitrary commands.

The vulnerability exists when GhostScript is used to process specially formatted PS files.

An attacker can exploit this vulnerability by creating a malicious PS file which, when processed with GhostScript, will result in the execution of arbitrary system commands.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Sun has released updates for Sun Linux 5.0.5.

Red Hat has released an advisory (RHSA-2003:181-01). Information about obtaining and applying fixes is available in the referenced advisory.

Red Hat has also released an advisory (RHSA-2003:182-04) which addresses this issue on Red Hat Enterprise Linux AS, Red Hat Enterprise Linux ES, Red Hat Enterprise Linux WS and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. Users should see the attached advisory for details on obtaining and applying fixes.

Mandrake has released an advisory (MDKSA-2003:065) that addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux has released an advisory. Users who have installed app-text/ghostscript are advised to upgrade to ghostscript-7.05.6-r2 by issuing the following commands:

emerge sync
emerge ghostscript
emerge clean

SGI has released an advisory (20031002-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10027) containing updated RPM packages relating to 22 different BIDS.

Patch 10027 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10027, please see the attached advisory.

Fixes available:

Aladdin Enterprises Ghostscript 5.10.10
Aladdin Enterprises Ghostscript 5.10.15
Aladdin Enterprises Ghostscript 5.10.16
Aladdin Enterprises Ghostscript 5.50
Aladdin Enterprises Ghostscript 5.50.8
Aladdin Enterprises Ghostscript 6.51
Aladdin Enterprises Ghostscript 6.52
Aladdin Enterprises Ghostscript 6.53
Aladdin Enterprises Ghostscript 7.06
Aladdin Enterprises Ghostscript 7.05
Aladdin Enterprises Ghostscript 7.04

- Related References

 

 
