Vulnerabilities > CVE-2003-0354 - Unspecified vulnerability in Redhat Linux
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-065.NASL description A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. last seen 2020-06-01 modified 2020-06-02 plugin id 14048 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14048 title Mandrake Linux Security Advisory : ghostscript (MDKSA-2003:065) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-182.NASL description A ghostscript package fixing a command execution vulnerability is now available. GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw has been discovered in the way Ghostscript validates some PostScript commands. This flaw allows an attacker to force commands to be executed by a print spooler by submitting a malicious print job. Note that using the -dSAFER option is not sufficient to prevent command execution. Users of Ghostscript are advised to upgrade to these updated packages, which are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12399 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12399 title RHEL 2.1 : ghostscript (RHSA-2003:182)
Oval
| accepted | 2007-04-25T19:52:15.718-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:133 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2003-08-20T12:00:00.000-04:00 | ||||||||||||
| title | GNU Ghostscript -dSAFER Vulnerability | ||||||||||||
| version | 37 |
Redhat
| advisories |
|
References
- http://marc.info/?l=bugtraq&m=105465818929172&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:065
- http://www.redhat.com/support/errata/RHSA-2003-181.html
- http://www.redhat.com/support/errata/RHSA-2003-182.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A133