Описание
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 5 | ghostscript | Out of support scope | ||
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | ||
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/3scale-operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/apicast-gateway | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/backend | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/toolbox | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/zync | Fixed | RHSA-2019:2534 | 21.08.2019 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2019:2586 | 02.09.2019 |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfex ...
A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Уязвимость процедуры .pdfexectoken программы конвертирования файлов формата PostScript Ghostscript, позволяющая нарушителю выполнить произвольные команды или получить доступ к файловой системе
7.3 High
CVSS3