Bug 1619756 (CVE-2018-15908) - CVE-2018-15908 ghostscript: .tempfile file permission issues (699657)
Summary: CVE-2018-15908 ghostscript: .tempfile file permission issues (699657)
Status: CLOSED ERRATA
Alias: CVE-2018-15908
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20180821,repo...
Keywords: Security
Depends On: 1621162 1621159 1621164 1654367
Blocks: 1619570
TreeView+ depends on / blocked
 
Reported: 2018-08-21 16:19 UTC by Stefan Cornelius
Modified: 2019-06-08 23:33 UTC (History)
15 users (show)

(edit)
It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document.
Clone Of:
(edit)
Last Closed: 2018-11-28 15:41:15 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3650 None None None 2018-11-27 01:21 UTC

Description Stefan Cornelius 2018-08-21 16:19:21 UTC
It was discovered that the ghostscript .tempfile function did not properly handle file permissions. A specially crafted PostScript document could possibly exploit this to bypass the -dSAFER protection and delete files or disclose their content.

Comment 1 Stefan Cornelius 2018-08-21 16:26:02 UTC
External References:

http://seclists.org/oss-sec/2018/q3/142

Comment 2 Stefan Cornelius 2018-08-22 10:19:49 UTC
Mitigation:

Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3

Comment 6 Stefan Cornelius 2018-08-23 15:36:34 UTC
Acknowledgments:

Name: Tavis Ormandy (Google Project Zero)

Comment 10 errata-xmlrpc 2018-11-27 01:21:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3650 https://access.redhat.com/errata/RHSA-2018:3650

Comment 11 Cedric Buissart 🐶 2018-11-28 15:40:20 UTC
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 1654367]


Note You need to log in before you can comment on or make changes to this bug.