From e1be35e73881aaacfc908cb2401671facf16de74 Mon Sep 17 00:00:00 2001 From: hrs Date: Sun, 27 Nov 2005 17:57:19 +0000 Subject: Security fix: several shell scripts included in the Ghostscript package allow local users to overwrite files via a symlink attack on temporary files. Security: CAN-2004-0967 --- security/vuxml/vuln.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a4046eb11a4e..a100313970cb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -35,6 +35,46 @@ Note: Please add new entries to the beginning of this file. --> + + ghostscript -- insecure temporary file creation vulnerability + + + ghostscript-gnu + ghostscript-gnu-nox11 + 7.07_14 + + + ghostscript-afpl + ghostscript-afpl-nox11 + 8.53_1 + + + + +

+
Ghostscript is affected by an insecure temporary file + creation vulnerability. This issue is likely due + to a design error that causes the application to fail + to verify the existence of a file before writing to it.
+ +
An attacker may leverage this issue to overwrite + arbitrary files with the privileges of an unsuspecting + user that activates the vulnerable application. + Reportedly this issue is unlikely to facilitate + privilege escalation.
+

+ + + + 11285 + CVE-2004-0967 + + + 2004-10-19 + 2005-11-27 + + + horde -- Cross site scripting vulnerabilities in MIME viewers. -- cgit