BID:12327

Ghostscript Multiple Local Insecure Temporary File Creation Vulnerabilities

Info

Ghostscript Multiple Local Insecure Temporary File Creation Vulnerabilities

Bugtraq ID:	12327
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Jan 21 2005 12:00AM
Updated:	Dec 21 2007 06:41PM
Credit:	Javier Fernández-Sanguino Peña is credited with the discovery of these issues.
Vulnerable:	Ghostscript Ghostscript 8.0.1 Ghostscript Ghostscript 8.60 Ghostscript Ghostscript 8.57 Ghostscript Ghostscript 8.56 Ghostscript Ghostscript 8.54 Ghostscript Ghostscript 8.15 Aladdin Enterprises Ghostscript 8.50 Aladdin Enterprises Ghostscript 8.0 1

Not Vulnerable:	Ghostscript Ghostscript 8.61

Discussion

Ghostscript Multiple Local Insecure Temporary File Creation Vulnerabilities

Ghostscript is reportedly affected by multiple local vulnerabilities because it creates temporary files in an insecure way. These issues likely stem from a design error that causes the application to fail to verify the presence of a file before writing to it.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates a vulnerable application.

AFPL Ghostscript 8.50 and GNU Ghostscript 8.01 are affected by these vulnerabilities; other versions may also be affected.

Exploit / POC

Ghostscript Multiple Local Insecure Temporary File Creation Vulnerabilities

An exploit is not required.

Solution / Fix

Ghostscript Multiple Local Insecure Temporary File Creation Vulnerabilities

Solution:
The vendor released Ghostscript 8.60 to address this issue. Please see the references for more information.

Ghostscript Ghostscript 8.15

Ghostscript GPL Ghostscript 8.61
http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl861.htm

Ghostscript Ghostscript 8.57

Ghostscript GPL Ghostscript 8.61
http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl861.htm

Ghostscript Ghostscript 8.56

Ghostscript GPL Ghostscript 8.61
http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl861.htm

Ghostscript Ghostscript 8.60

Ghostscript GPL Ghostscript 8.61
http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl861.htm

Ghostscript Ghostscript 8.54

Ghostscript GPL Ghostscript 8.61
http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl861.htm

Ghostscript Ghostscript 8.0.1

Ghostscript GPL Ghostscript 8.61
http://pages.cs.wisc.edu/~ghost/doc/GPL/gpl861.htm

References

Ghostscript Multiple Local Insecure Temporary File Creation Vulnerabilities

References:

Debian Bug report logs - #291373 (Debian)
Ghostscript Homepage (Ghostscript)