Executive Summary
Summary | |
---|---|
Title | New gs-common packages fix insecure temporary file creation |
Informations | |||
---|---|---|---|
Name | DSA-286 | First vendor Publication | 2003-04-14 |
Vendor | Debian | Last vendor Modification | 2003-04-14 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsiuses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi. For the stable distribution (woody) this problem has been fixed in version 0.3.3.0woody1. The old stable distribution (potato) is not affected by this problem. For the unstable distribution (sid) these problems have been fixed in version 0.3.3.1. We recommend that you upgrade your gs-common package. |
Original Source
Url : http://www.debian.org/security/2003/dsa-286 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 286-1 (gs-common) File : nvt/deb_286_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13387 | ps2epsi Symlink Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-286.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:32:33 |
|