PT-2019-5103 · Artifex+5 · Ghostscript+5

Lukas Schauer +1 · Published 2019-11-14 · Updated 2020-10-25 · CVE-2019-14869

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ghostscript versions 9.x before 9.50

Description

The .charkeys procedure in Ghostscript does not properly secure its privileged calls, which allows scripts to bypass the -dSAFER restrictions. This enables an attacker to create a specially crafted PostScript file that could escalate privileges within Ghostscript, access files outside of restricted areas, or execute commands. Exploitation of this flaw may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For Ghostscript versions 9.x before 9.50, update to version 9.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the .charkeys procedure to minimize the risk of exploitation. Avoid relying on the -dSAFER restrictions in affected versions until the issue is resolved.

Fix

Incorrect Permission

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2906
ALT-PU-2020-2917
ALT-PU-2020-2921
ALT-PU-2020-3124
BDU:2020-01769
CESA-2019_3888
CESA-2019_3890
CVE-2019-14869
DLA-1992-1
DSA-4569-1
MGASA-2019-0336
OPENSUSE-SU-2019:2534-1
OPENSUSE-SU-2019:2535-1
OPENSUSE-SU-2019_2534-1
OPENSUSE-SU-2019_2535-1
RHSA-2019:3888
RHSA-2019:3890
RHSA-2019_3888
RHSA-2019_3890
RHSA-2020:0222
SUSE-SU-2019:2981-1
SUSE-SU-2019:2983-1
SUSE-SU-2019_2981-1
SUSE-SU-2019_2983-1
USN-4193-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Ghostscript