CVE-2010-2055
Published: 22 July 2010
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
Notes
Author | Note |
---|---|
mdeslaur | There are three different issues here: 1- -P is the default, and not -P- 2- -P- doesn't actually work 3- ghostscript's scripts don't use -P- Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweighs the advantages. Marking as ignored for affected releases. |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
|
|
maverick |
Ignored
|
|
natty |
Not vulnerable
(9.01~dfsg-1ubuntu5)
|
|
upstream |
Released
(9.00)
|
|
Patches: other: http://mentors.debian.net/debian/pool/main/g/ghostscript/ |
||
gs-afpl Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
gs-esp Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
gs-gpl Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
References
Bugs
- https://bugs.launchpad.net/gs-gpl/+bug/605211
- https://bugzilla.redhat.com/show_bug.cgi?id=599564
- https://bugzilla.novell.com/show_bug.cgi?id=608071
- http://bugs.ghostscript.com/show_bug.cgi?id=691350 (-P- doesn't work)
- http://bugs.ghostscript.com/show_bug.cgi?id=691339 (-P is the wrong default)
- http://bugs.ghostscript.com/show_bug.cgi?id=691355 (scripts don't use -P-)
- http://bugs.debian.org/584653 (-P- doesn't work)
- http://bugs.debian.org/584663 (-P is the wrong default)
- http://bugs.debian.org/584667 (scripts don't use -P-)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183 (old bug)