Vulnerabilities > CVE-2003-0354 - Unspecified vulnerability in Redhat Linux

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
redhat
nessus

Summary

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.

Vulnerable Configurations

Part Description Count
OS
Redhat
5

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-065.NASL
    descriptionA vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled.
    last seen2020-06-01
    modified2020-06-02
    plugin id14048
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14048
    titleMandrake Linux Security Advisory : ghostscript (MDKSA-2003:065)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-182.NASL
    descriptionA ghostscript package fixing a command execution vulnerability is now available. GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw has been discovered in the way Ghostscript validates some PostScript commands. This flaw allows an attacker to force commands to be executed by a print spooler by submitting a malicious print job. Note that using the -dSAFER option is not sufficient to prevent command execution. Users of Ghostscript are advised to upgrade to these updated packages, which are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id12399
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12399
    titleRHEL 2.1 : ghostscript (RHSA-2003:182)

Oval

accepted2007-04-25T19:52:15.718-04:00
classvulnerability
contributors
  • nameJay Beale
    organizationBastille Linux
  • nameJay Beale
    organizationBastille Linux
  • nameThomas R. Jones
    organizationMaitreya Security
descriptionUnknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
familyunix
idoval:org.mitre.oval:def:133
statusaccepted
submitted2003-08-20T12:00:00.000-04:00
titleGNU Ghostscript -dSAFER Vulnerability
version37

Redhat

advisories
  • rhsa
    idRHSA-2003:181
  • rhsa
    idRHSA-2003:182