Executive Summary
Summary | |
---|---|
Title | Ghostscript vulnerability |
Informations | |||
---|---|---|---|
Name | USN-599-1 | First vendor Publication | 2008-04-09 |
Vendor | Ubuntu | Last vendor Modification | 2008-04-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2008-0411) |
Original Source
Url : http://www.ubuntu.com/usn/USN-599-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16848 | |||
Oval ID: | oval:org.mitre.oval:def:16848 | ||
Title: | USN-599-1 -- ghostscript, gs-esp, gs-gpl vulnerability | ||
Description: | Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-599-1 CVE-2008-0411 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | ghostscript gs-esp gs-gpl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20095 | |||
Oval ID: | oval:org.mitre.oval:def:20095 | ||
Title: | DSA-1510-1 gs-esp gs-gpl - arbitrary code execution | ||
Description: | Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1510-1 CVE-2008-0411 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | gs-esp gs-gpl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22430 | |||
Oval ID: | oval:org.mitre.oval:def:22430 | ||
Title: | ELSA-2008:0155: ghostscript security update (Important) | ||
Description: | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0155-01 CVE-2008-0411 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | ghostscript |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7775 | |||
Oval ID: | oval:org.mitre.oval:def:7775 | ||
Title: | DSA-1510 gs-esp gs-gpl -- buffer overflow | ||
Description: | Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1510 CVE-2008-0411 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | gs-esp gs-gpl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9557 | |||
Oval ID: | oval:org.mitre.oval:def:9557 | ||
Title: | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. | ||
Description: | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0411 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Ghostscript File : nvt/sles9p5021790.nasl |
2009-04-09 | Name : Mandriva Update for ghostscript MDVSA-2008:055 (ghostscript) File : nvt/gb_mandriva_MDVSA_2008_055.nasl |
2009-03-23 | Name : Ubuntu Update for ghostscript, gs-esp, gs-gpl vulnerability USN-599-1 File : nvt/gb_ubuntu_USN_599_1.nasl |
2009-03-06 | Name : RedHat Update for ghostscript RHSA-2008:0155-01 File : nvt/gb_RHSA-2008_0155-01_ghostscript.nasl |
2009-02-27 | Name : CentOS Update for ghostscript CESA-2008:0155 centos3 i386 File : nvt/gb_CESA-2008_0155_ghostscript_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for ghostscript CESA-2008:0155 centos3 x86_64 File : nvt/gb_CESA-2008_0155_ghostscript_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for ghostscript CESA-2008:0155 centos4 i386 File : nvt/gb_CESA-2008_0155_ghostscript_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for ghostscript CESA-2008:0155 centos4 x86_64 File : nvt/gb_CESA-2008_0155_ghostscript_centos4_x86_64.nasl |
2009-02-16 | Name : Fedora Update for ghostscript FEDORA-2008-1998 File : nvt/gb_fedora_2008_1998_ghostscript_fc8.nasl |
2009-02-16 | Name : Fedora Update for ghostscript FEDORA-2008-2084 File : nvt/gb_fedora_2008_2084_ghostscript_fc7.nasl |
2009-01-23 | Name : SuSE Update for ghostscript SUSE-SA:2008:010 File : nvt/gb_suse_2008_010.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-14 (ghostscript) File : nvt/glsa_200803_14.nasl |
2008-09-04 | Name : FreeBSD Ports: ghostscript-gpl, ghostscript-gpl-nox11 File : nvt/freebsd_ghostscript-gpl.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1510-1 (gs-esp / gs-gpl) File : nvt/deb_1510_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-062-01 espgs/ghostscript File : nvt/esoft_slk_ssa_2008_062_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42310 | Ghostscript zicc.c zseticcspace Function Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0155.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080227_ghostscript_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12074.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-055.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-599-1.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-14.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1998.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2084.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ca8e56d5e85611dcb5af0017319806e7.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-062-01.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ghostscript-fonts-other-4984.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote openSUSE host is missing a security update. File : suse_ghostscript-fonts-other-4985.nasl - Type : ACT_GATHER_INFO |
2008-02-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0155.nasl - Type : ACT_GATHER_INFO |
2008-02-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1510.nasl - Type : ACT_GATHER_INFO |
2008-02-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0155.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:02 |
|