|
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux: ghostscript arbitrary command execution Advisory number: CSSA-2002-026.0 Issue date: 2002 June 11 Cross reference: ______________________________________________________________________________ 1. Problem Description An untrusted PostScript file that uses .locksafe or .setsafe to reset the current page device can force the ghostscript program to execute arbitrary commands. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to ghostscript-6.51-10.i386.rpm prior to ghostscript-doc-6.51-10.i386.rpm prior to ghostscript-fonts-6.51-10.i386.rpm prior to ghostscript-fonts-cid-6.51-10.i386.rpm OpenLinux 3.1.1 Workstation prior to ghostscript-6.51-10.i386.rpm prior to ghostscript-doc-6.51-10.i386.rpm prior to ghostscript-fonts-6.51-10.i386.rpm prior to ghostscript-fonts-cid-6.51-10.i386.rpm OpenLinux 3.1 Server prior to ghostscript-6.51-10.i386.rpm prior to ghostscript-doc-6.51-10.i386.rpm prior to ghostscript-fonts-6.51-10.i386.rpm prior to ghostscript-fonts-cid-6.51-10.i386.rpm OpenLinux 3.1 Workstation prior to ghostscript-6.51-10.i386.rpm prior to ghostscript-doc-6.51-10.i386.rpm prior to ghostscript-fonts-6.51-10.i386.rpm prior to ghostscript-fonts-cid-6.51-10.i386.rpm 3. Solution The proper solution is to install the latest packages. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS 4.2 Packages cfabdbccacd4de0268ce15d1dd6a0408 ghostscript-6.51-10.i386.rpm f9bb38edc64d718f8b943d395de7c75a ghostscript-doc-6.51-10.i386.rpm 70a913d9427ce45367710498bab8e065 ghostscript-fonts-6.51-10.i386.rpm 9e2f736b44b9bfa60e51c24847637d48 ghostscript-fonts-cid-6.51-10.i386.rpm 4.3 Installation rpm -Fvh ghostscript-6.51-10.i386.rpm rpm -Fvh ghostscript-doc-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm 4.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS 4.5 Source Packages dba70bda415835cca29139d565936b3f ghostscript-6.51-10.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS 5.2 Packages f8a0bf41a7dd801f6f98d50134143fbd ghostscript-6.51-10.i386.rpm a2d8fbd76bc080146b1a1a964a218850 ghostscript-doc-6.51-10.i386.rpm bccaab1b0a9005ea7d36173e296b444e ghostscript-fonts-6.51-10.i386.rpm dadf94bb7c6091cfb32d650a61e8864d ghostscript-fonts-cid-6.51-10.i386.rpm 5.3 Installation rpm -Fvh ghostscript-6.51-10.i386.rpm rpm -Fvh ghostscript-doc-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm 5.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS 5.5 Source Packages 38ebafe42e38f5eae8207c4f52bbb90d ghostscript-6.51-10.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS 6.2 Packages 12aa5320c2331010736ce36a9fc1ef3d ghostscript-6.51-10.i386.rpm 1a40569d1a9598df507faae191e68c48 ghostscript-doc-6.51-10.i386.rpm f44b0f45f4864d2b357b02642c4cd249 ghostscript-fonts-6.51-10.i386.rpm e28affd61ec6bdc19e136c1355307e90 ghostscript-fonts-cid-6.51-10.i386.rpm 6.3 Installation rpm -Fvh ghostscript-6.51-10.i386.rpm rpm -Fvh ghostscript-doc-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm 6.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS 6.5 Source Packages 2e7ba1c536a23823a9c8072d793258af ghostscript-6.51-10.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS 7.2 Packages 53145cdba14975c68766ba720977c5cc ghostscript-6.51-10.i386.rpm d9712806f0f65fba2d806dcc17bd02f6 ghostscript-doc-6.51-10.i386.rpm bbe1c3eea2309a42507c3e0cdab49cf0 ghostscript-fonts-6.51-10.i386.rpm 4eae26e3e44aa27c0c32df3be32bf622 ghostscript-fonts-cid-6.51-10.i386.rpm 7.3 Installation rpm -Fvh ghostscript-6.51-10.i386.rpm rpm -Fvh ghostscript-doc-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm 7.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS 7.5 Source Packages a51ce17775efda0a93f8cf82781f50c5 ghostscript-6.51-10.src.rpm 8. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363 http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html http://www.redhat.com/support/errata/RHSA-2002-083.html Caldera security resources: http://www.caldera.com/support/security This security fix closes Caldera incidents sr865431, fz521132, erg712067. 9. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera products.