Red Hat Bugzilla – Bug 152849
CAN-2004-0967 Ghostscript Insecure Temporary File Creation
Last modified: 2007-04-18 13:22:26 EDT
A vulnerability has been reported in ESP Ghostscript, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with
The vulnerability is caused due to temporary files being created insecurely by
the "pj-gs.sh", "ps2epsi", "pv.sh", and "sysvlp.sh" scripts. This can be
exploited via symlink attacks to create or overwrite arbitrary files with the
privileges of the user invoking a vulnerable script.
Red Hat Bugzilla:
The patch contains several modification. But the most of them was already fixed.
------- Bug moved to this database by email@example.com 2005-03-30 18:29 -------
This bug previously known as bug 2266 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
an account here. Reassigning to the person who moved
it here, firstname.lastname@example.org.
Previous reporter was email@example.com.
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
Red Hat issued RHSA-2005:081-01:
for this bug for RHEL 3. RHEL uses ghostscript-7.05.
Our most recent ghostscript Packages:
RH7.3: 16325468 May 28 2003 ghostscript-6.52-9.5.src.rpm
RH9: 12862638 May 28 2003 ghostscript-7.05-32.1.src.rpm
FC1: 12816599 Aug 17 2004 ghostscript-7.07-15.4.src.rpm
FC2: 11920172 May 07 2004 ghostscript-7.07-25.src.rpm
This bug is mislabeled: It should have package "ghostscript", not "gv".
This bug affects FC2 also.
FWIW, This appears fixed in current FC3 and FC4.
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions. If the issue still persists in
current Fedora Core releases, please reopen. Thank you, and sorry about this.