cvelistv5 - cve-2010-2055

CVE-2010-2055 (GCVE-0-2010-2055)

Vulnerability from cvelistv5

Published

2010-07-22 01:00

Modified

2024-08-07 02:17

Severity ?

CWE

Summary

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

References

URL

Tags

	http://www.osvdb.org/66247	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/40532	third-party-advisory, x_refsource_SECUNIA
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183	x_refsource_CONFIRM
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/511476	mailing-list, x_refsource_BUGTRAQ
	https://rhn.redhat.com/errata/RHSA-2012-0095.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=599564	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201412-17.xml	vendor-advisory, x_refsource_GENTOO
	http://www.vupen.com/english/advisories/2010/1757	vdb-entry, x_refsource_VUPEN
	http://savannah.gnu.org/forum/forum.php?forum_id=6368	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/511474	mailing-list, x_refsource_BUGTRAQ
	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/archive/1/511433	mailing-list, x_refsource_BUGTRAQ
	http://bugs.ghostscript.com/show_bug.cgi?id=691350	x_refsource_CONFIRM
	http://secunia.com/advisories/40452	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.novell.com/show_bug.cgi?id=608071	x_refsource_CONFIRM
	http://secunia.com/advisories/40475	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/archive/1/511472	mailing-list, x_refsource_BUGTRAQ
	http://bugs.ghostscript.com/show_bug.cgi?id=691339	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:14.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66247",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/66247"
          },
          {
            "name": "40532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40532"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316"
          },
          {
            "name": "20100526 Re: Ghostscript 8.64 executes random code at startup",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511476"
          },
          {
            "name": "RHSA-2012:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2012-0095.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
          },
          {
            "name": "GLSA-201412-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
          },
          {
            "name": "ADV-2010-1757",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6368"
          },
          {
            "name": "20100526 Re: Ghostscript 8.64 executes random code at startup",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511474"
          },
          {
            "name": "FEDORA-2010-10642",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html"
          },
          {
            "name": "20100522 Ghostscript 8.64 executes random code at startup",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691350"
          },
          {
            "name": "40452",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40452"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=608071"
          },
          {
            "name": "40475",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40475"
          },
          {
            "name": "FEDORA-2010-10660",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html"
          },
          {
            "name": "20100526 Re: Ghostscript 8.64 executes random code at startup",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-02T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "66247",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/66247"
        },
        {
          "name": "40532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40532"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316"
        },
        {
          "name": "20100526 Re: Ghostscript 8.64 executes random code at startup",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511476"
        },
        {
          "name": "RHSA-2012:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2012-0095.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
        },
        {
          "name": "GLSA-201412-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
        },
        {
          "name": "ADV-2010-1757",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6368"
        },
        {
          "name": "20100526 Re: Ghostscript 8.64 executes random code at startup",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511474"
        },
        {
          "name": "FEDORA-2010-10642",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html"
        },
        {
          "name": "20100522 Ghostscript 8.64 executes random code at startup",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691350"
        },
        {
          "name": "40452",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40452"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=608071"
        },
        {
          "name": "40475",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40475"
        },
        {
          "name": "FEDORA-2010-10660",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html"
        },
        {
          "name": "20100526 Re: Ghostscript 8.64 executes random code at startup",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2055",
    "datePublished": "2010-07-22T01:00:00.000Z",
    "dateReserved": "2010-05-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T02:17:14.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-309

Vulnerability from certfr_avis

Deux vulnérabilités ont été corrigées dans GNU gv.

Description

Deux vulnérabilités ont été corrigées dans GNU gv :

une erreur dans le traitement de fichiers temporaires permet à une personne malintentionnée d'écraser des fichiers arbitraires ;
une faille peut être exploitée afin d'exécuter des commandes postscript arbitraires lorsqu'un utilisateur ouvre un document spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

GNU gv versions antérieures à 3.7.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted