Описание
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Меры по смягчению последствий
Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 5 | ghostscript | Out of support scope | ||
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | ||
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/3scale-operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/apicast-gateway | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/backend | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/toolbox | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/zync | Fixed | RHSA-2019:2534 | 21.08.2019 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2019:2586 | 02.09.2019 |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in ghostscript, versions 9.x before 9.50, in the sets ...
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Уязвимость процедуры setsystemparams программы конвертирования файлов формата PostScript Ghostscript, позволяющая нарушителю выполнить произвольные команды или получить доступ к файловой системе
7.3 High
CVSS3