PT-2001-1199 · Gnu · Ghostscript

Published

2001-01-09

Updated

2017-10-10

CVE-2000-1163

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ghostscript versions prior to 5.10-16

Description The issue allows local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. This is due to ghostscript using an empty LD RUN PATH environmental variable to find libraries in the current directory.

Recommendations For versions prior to 5.10-16, update to version 5.10-16 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1163

Affected Products

Ghostscript

PT-2001-1199 · Gnu · Ghostscript

CVE-2000-1163

Related Identifiers

Affected Products

References · 7