Bug 2217798 (CVE-2023-36664) - CVE-2023-36664 ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices [NEEDINFO]
Summary: CVE-2023-36664 ghostscript: vulnerable to OS command injection due to mishand...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-36664
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2217809 2217810 2217799 2217800 2217801 2217802 2217803 2217804 2217805 2217806 2217807 2217808
Blocks: 2213478
TreeView+ depends on / blocked
 
Reported: 2023-06-27 06:45 UTC by Sandipan Roy
Modified: 2023-08-01 11:35 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Clone Of:
Environment:
Last Closed: 2023-08-01 11:35:44 UTC
Embargoed:
mdogra: needinfo? (nobody)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4324 0 None None None 2023-07-31 08:23:43 UTC

Description Sandipan Roy 2023-06-27 06:45:59 UTC 
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

References
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
https://bugs.ghostscript.com/show_bug.cgi?id=706761
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c
Comment 1 Sandipan Roy 2023-06-27 06:48:53 UTC 
Created ghostscript tracking bugs for this issue:

Affects: fedora-37 [bug 2217805]
Affects: fedora-38 [bug 2217806]
Comment 8 Michael J Gruber 2023-07-14 08:18:04 UTC 
(In reply to Sandipan Roy from comment #0)
> Artifex Ghostscript through 10.01.2 mishandles permission validation for
> pipe devices (with the %pipe% prefix or the | pipe character prefix).
> 
> References
> https://git.ghostscript.com/?p=ghostpdl.git;a=commit;
> h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
> https://bugs.ghostscript.com/show_bug.cgi?id=706761
> https://git.ghostscript.com/?p=ghostpdl.git;a=commit;
> h=505eab7782b429017eb434b2b95120855f2b0e3c

Are you sure "through 10.01.2" is correct?

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb342fdb60391073a69147cb71af1ac416a81099

seem to be the corresponding commits in the 10.01.2 release.
Comment 10 Michael J Gruber 2023-07-21 09:06:55 UTC 
FYI: If someone cares to give karma on the F37 update then that one will go stable, too. F39/F38 are already.

All the others bugs are locked. Good luck :)
Comment 11 errata-xmlrpc 2023-07-31 08:23:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4324 https://access.redhat.com/errata/RHSA-2023:4324
Comment 12 Product Security DevOps Team 2023-08-01 11:35:42 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-36664
Note You need to log in before you can comment on or make changes to this bug.