PT-2004-1984 · Ghostscript+3 · Ghostscript+3

Published

2004-10-20

Updated

2017-10-11

CVE-2004-0967

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Trustix Secure Linux versions 1.5 through 2.1 espgs package (affected versions not specified)

Description: The issue allows local users to overwrite files via a symlink attack on temporary files created by the pj-gs.sh, ps2epsi, pv.sh, and sysvlp.sh scripts in the ESP Ghostscript package.

Recommendations: For Trustix Secure Linux versions 1.5 through 2.1, consider restricting access to the pj-gs.sh, ps2epsi, pv.sh, and sysvlp.sh scripts until a patch is available. As a temporary workaround, consider disabling the execution of these scripts to minimize the risk of exploitation. Restrict access to temporary files created by these scripts to prevent unauthorized overwriting of files.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2004-0967

RHSA-2005:081

RHSA-2005_081

Affected Products

Espgs

Ghostscript

Red Hat

Trustix Secure Linux

PT-2004-1984 · Ghostscript+3 · Ghostscript+3

CVE-2004-0967

Weakness Enumeration

Related Identifiers

Affected Products

References · 16