7.5 - RHSA-2003:182

Executive Summary

Summary
Title	Updated ghostscript packages fix vulnerability

Informations
Name	RHSA-2003:182	First vendor Publication	2003-06-17
Vendor	RedHat	Last vendor Modification	2003-06-17
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2003-182.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:133

Oval ID:	oval:org.mitre.oval:def:133
Title:	GNU Ghostscript -dSAFER Vulnerability
Description:	Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0354	Version:	2
Platform(s):	Red Hat Linux 9	Product(s):	GNU Ghostscript
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND ghostscript version is less than 7.05-32.1 AND Configuration section /usr/bin/gs is executable /usr/bin/gs is executable AND /usr/bin/gs is executable AND /usr/bin/gs is executable

CPE : Common Platform Enumeration

Type	Description	Count
Os	Redhat Linux cpe:2.3:o:redhat:linux:9.0::i386::::: cpe:2.3:o:redhat:linux:8.0:::::::* cpe:2.3:o:redhat:linux:7.3:::::::* cpe:2.3:o:redhat:linux:7.2:::::::* cpe:2.3:o:redhat:linux:7.1:::::::*	5

Open Source Vulnerability Database (OSVDB)

Id	Description
4676	GNU Ghostscript -dSAFER %pipe% Flaw Arbitrary Command Execution When the -dSAFER option is in use, Ghostscript should not open piped commands (i.e. %pipe%cmd). This is not the case due to improper handling of the %pipe% I/O device. An attacker could trick a user into opening a specially crafted Postscript file to exploit this vulnerability; resulting in arbitrary code execution with the users privileges, on the local system.

Description

4676

GNU Ghostscript -dSAFER %pipe% Flaw Arbitrary Command Execution

When the -dSAFER option is in use, Ghostscript should not open piped commands (i.e. %pipe%cmd). This is not the case due to improper handling of the %pipe% I/O device. An attacker could trick a user into opening a specially crafted Postscript file to exploit this vulnerability; resulting in arbitrary code execution with the users privileges, on the local system.

Nessus® Vulnerability Scanner

Date	Description
2004-07-31	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-065.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2003-182.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:48:09	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	5
osvdb(s)	1
Nessus® Exploit(s)	2

	Related
7.5	CVE-2003-0354
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - RHSA-2003:182

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU