PT-2004-1984 · Ghostscript+3 · Ghostscript+3
Publicado
2004-10-20
·
Atualizado
2017-10-11
·
CVE-2004-0967
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Trustix Secure Linux versions 1.5 through 2.1
espgs package (affected versions not specified)
Description:
The issue allows local users to overwrite files via a symlink attack on temporary files created by the pj-gs.sh, ps2epsi, pv.sh, and sysvlp.sh scripts in the ESP Ghostscript package.
Recommendations:
For Trustix Secure Linux versions 1.5 through 2.1, consider restricting access to the pj-gs.sh, ps2epsi, pv.sh, and sysvlp.sh scripts until a patch is available.
As a temporary workaround, consider disabling the execution of these scripts to minimize the risk of exploitation.
Restrict access to temporary files created by these scripts to prevent unauthorized overwriting of files.
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Espgs
Ghostscript
Red Hat
Trustix Secure Linux