To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux: ghostscript arbitrary command execution
Advisory number: CSSA-2002-026.0
Issue date: 2002 June 11
Cross reference:
______________________________________________________________________________
1. Problem Description
An untrusted PostScript file that uses .locksafe or .setsafe to
reset the current page device can force the ghostscript program
to execute arbitrary commands.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to ghostscript-6.51-10.i386.rpm
prior to ghostscript-doc-6.51-10.i386.rpm
prior to ghostscript-fonts-6.51-10.i386.rpm
prior to ghostscript-fonts-cid-6.51-10.i386.rpm
OpenLinux 3.1.1 Workstation prior to ghostscript-6.51-10.i386.rpm
prior to ghostscript-doc-6.51-10.i386.rpm
prior to ghostscript-fonts-6.51-10.i386.rpm
prior to ghostscript-fonts-cid-6.51-10.i386.rpm
OpenLinux 3.1 Server prior to ghostscript-6.51-10.i386.rpm
prior to ghostscript-doc-6.51-10.i386.rpm
prior to ghostscript-fonts-6.51-10.i386.rpm
prior to ghostscript-fonts-cid-6.51-10.i386.rpm
OpenLinux 3.1 Workstation prior to ghostscript-6.51-10.i386.rpm
prior to ghostscript-doc-6.51-10.i386.rpm
prior to ghostscript-fonts-6.51-10.i386.rpm
prior to ghostscript-fonts-cid-6.51-10.i386.rpm
3. Solution
The proper solution is to install the latest packages.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
4.2 Packages
cfabdbccacd4de0268ce15d1dd6a0408 ghostscript-6.51-10.i386.rpm
f9bb38edc64d718f8b943d395de7c75a ghostscript-doc-6.51-10.i386.rpm
70a913d9427ce45367710498bab8e065 ghostscript-fonts-6.51-10.i386.rpm
9e2f736b44b9bfa60e51c24847637d48 ghostscript-fonts-cid-6.51-10.i386.rpm
4.3 Installation
rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm
4.4 Source Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
4.5 Source Packages
dba70bda415835cca29139d565936b3f ghostscript-6.51-10.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
5.2 Packages
f8a0bf41a7dd801f6f98d50134143fbd ghostscript-6.51-10.i386.rpm
a2d8fbd76bc080146b1a1a964a218850 ghostscript-doc-6.51-10.i386.rpm
bccaab1b0a9005ea7d36173e296b444e ghostscript-fonts-6.51-10.i386.rpm
dadf94bb7c6091cfb32d650a61e8864d ghostscript-fonts-cid-6.51-10.i386.rpm
5.3 Installation
rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm
5.4 Source Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
5.5 Source Packages
38ebafe42e38f5eae8207c4f52bbb90d ghostscript-6.51-10.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
6.2 Packages
12aa5320c2331010736ce36a9fc1ef3d ghostscript-6.51-10.i386.rpm
1a40569d1a9598df507faae191e68c48 ghostscript-doc-6.51-10.i386.rpm
f44b0f45f4864d2b357b02642c4cd249 ghostscript-fonts-6.51-10.i386.rpm
e28affd61ec6bdc19e136c1355307e90 ghostscript-fonts-cid-6.51-10.i386.rpm
6.3 Installation
rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm
6.4 Source Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
6.5 Source Packages
2e7ba1c536a23823a9c8072d793258af ghostscript-6.51-10.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
7.2 Packages
53145cdba14975c68766ba720977c5cc ghostscript-6.51-10.i386.rpm
d9712806f0f65fba2d806dcc17bd02f6 ghostscript-doc-6.51-10.i386.rpm
bbe1c3eea2309a42507c3e0cdab49cf0 ghostscript-fonts-6.51-10.i386.rpm
4eae26e3e44aa27c0c32df3be32bf622 ghostscript-fonts-cid-6.51-10.i386.rpm
7.3 Installation
rpm -Fvh ghostscript-6.51-10.i386.rpm
rpm -Fvh ghostscript-doc-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-6.51-10.i386.rpm
rpm -Fvh ghostscript-fonts-cid-6.51-10.i386.rpm
7.4 Source Package Location
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
7.5 Source Packages
a51ce17775efda0a93f8cf82781f50c5 ghostscript-6.51-10.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363
http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
http://www.redhat.com/support/errata/RHSA-2002-083.html
Caldera security resources:
http://www.caldera.com/support/security
This security fix closes Caldera incidents sr865431, fz521132,
erg712067.
9. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
