TUCoPS :: Linux :: Discontinued :: cs2026-0.txt

ghostscript arbitrary command execution - Caldera Advisory CSSA-2002-026.0

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com


______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: ghostscript arbitrary command execution
Advisory number: 	CSSA-2002-026.0
Issue date: 		2002 June 11
Cross reference:
______________________________________________________________________________


1. Problem Description

	An untrusted PostScript file that uses .locksafe or .setsafe to
	reset the current page device can force the ghostscript program
	to execute arbitrary commands.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to ghostscript-6.51-10.i386.rpm
					prior to ghostscript-doc-6.51-10.i386.rpm
					prior to ghostscript-fonts-6.51-10.i386.rpm
					prior to ghostscript-fonts-cid-6.51-10.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to ghostscript-6.51-10.i386.rpm
					prior to ghostscript-doc-6.51-10.i386.rpm
					prior to ghostscript-fonts-6.51-10.i386.rpm
					prior to ghostscript-fonts-cid-6.51-10.i386.rpm

	OpenLinux 3.1 Server		prior to ghostscript-6.51-10.i386.rpm
					prior to ghostscript-doc-6.51-10.i386.rpm
					prior to ghostscript-fonts-6.51-10.i386.rpm
					prior to ghostscript-fonts-cid-6.51-10.i386.rpm

	OpenLinux 3.1 Workstation	prior to ghostscript-6.51-10.i386.rpm
					prior to ghostscript-doc-6.51-10.i386.rpm
					prior to ghostscript-fonts-6.51-10.i386.rpm
					prior to ghostscript-fonts-cid-6.51-10.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

	cfabdbccacd4de0268ce15d1dd6a0408	ghostscript-6.51-10.i386.rpm
	f9bb38edc64d718f8b943d395de7c75a	ghostscript-doc-6.51-10.i386.rpm
	70a913d9427ce45367710498bab8e065	ghostscript-fonts-6.51-10.i386.rpm
	9e2f736b44b9bfa60e51c24847637d48	ghostscript-fonts-cid-6.51-10.i386.rpm

	4.3 Installation

	rpm -Fvh ghostscript-6.51-10.i386.rpm
	rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

	dba70bda415835cca29139d565936b3f	ghostscript-6.51-10.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

5.2 Packages

	f8a0bf41a7dd801f6f98d50134143fbd	ghostscript-6.51-10.i386.rpm
	a2d8fbd76bc080146b1a1a964a218850	ghostscript-doc-6.51-10.i386.rpm
	bccaab1b0a9005ea7d36173e296b444e	ghostscript-fonts-6.51-10.i386.rpm
	dadf94bb7c6091cfb32d650a61e8864d	ghostscript-fonts-cid-6.51-10.i386.rpm

	5.3 Installation

	rpm -Fvh ghostscript-6.51-10.i386.rpm
	rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

5.5 Source Packages

	38ebafe42e38f5eae8207c4f52bbb90d	ghostscript-6.51-10.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

6.2 Packages

	12aa5320c2331010736ce36a9fc1ef3d	ghostscript-6.51-10.i386.rpm
	1a40569d1a9598df507faae191e68c48	ghostscript-doc-6.51-10.i386.rpm
	f44b0f45f4864d2b357b02642c4cd249	ghostscript-fonts-6.51-10.i386.rpm
	e28affd61ec6bdc19e136c1355307e90	ghostscript-fonts-cid-6.51-10.i386.rpm

	6.3 Installation

	rpm -Fvh ghostscript-6.51-10.i386.rpm
	rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

6.5 Source Packages

	2e7ba1c536a23823a9c8072d793258af	ghostscript-6.51-10.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

7.2 Packages

	53145cdba14975c68766ba720977c5cc	ghostscript-6.51-10.i386.rpm
	d9712806f0f65fba2d806dcc17bd02f6	ghostscript-doc-6.51-10.i386.rpm
	bbe1c3eea2309a42507c3e0cdab49cf0	ghostscript-fonts-6.51-10.i386.rpm
	4eae26e3e44aa27c0c32df3be32bf622	ghostscript-fonts-cid-6.51-10.i386.rpm

	7.3 Installation

	rpm -Fvh ghostscript-6.51-10.i386.rpm
	rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
	rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

7.5 Source Packages

	a51ce17775efda0a93f8cf82781f50c5	ghostscript-6.51-10.src.rpm


8. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363
http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
http://www.redhat.com/support/errata/RHSA-2002-083.html

Caldera security resources:
		http://www.caldera.com/support/security

This security fix closes Caldera incidents sr865431, fz521132,
	erg712067.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH