National Cyber Awareness System

Vulnerability Summary for CVE-2010-2055

Overview

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=599564

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=599564

External Source: CONFIRM

Name: https://bugzilla.novell.com/show_bug.cgi?id=608071

Hyperlink:https://bugzilla.novell.com/show_bug.cgi?id=608071

External Source: VUPEN

Name: ADV-2010-1757

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1757

External Source: BUGTRAQ

Name: 20100526 Re: Ghostscript 8.64 executes random code at startup

Hyperlink:http://www.securityfocus.com/archive/1/511476

External Source: BUGTRAQ

Name: 20100526 Re: Ghostscript 8.64 executes random code at startup

Hyperlink:http://www.securityfocus.com/archive/1/511474

External Source: BUGTRAQ

Name: 20100526 Re: Ghostscript 8.64 executes random code at startup

Hyperlink:http://www.securityfocus.com/archive/1/511472

External Source: BUGTRAQ

Name: 20100522 Ghostscript 8.64 executes random code at startup

Hyperlink:http://www.securityfocus.com/archive/1/511433

External Source: OSVDB

Name: 66247

Hyperlink:http://www.osvdb.org/66247

External Source: SECUNIA

Name: 40532

Type: Advisory

Hyperlink:http://secunia.com/advisories/40532

External Source: SECUNIA

Name: 40475

Type: Advisory

Hyperlink:http://secunia.com/advisories/40475

External Source: SECUNIA

Name: 40452

Type: Advisory

Hyperlink:http://secunia.com/advisories/40452

External Source: CONFIRM

Name: http://savannah.gnu.org/forum/forum.php?forum_id=6368

Hyperlink:http://savannah.gnu.org/forum/forum.php?forum_id=6368

External Source: SUSE

Name: SUSE-SR:2010:014

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

External Source: FEDORA

Name: FEDORA-2010-10642

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html

External Source: FEDORA

Name: FEDORA-2010-10660

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html

External Source: CONFIRM

Name: http://bugs.ghostscript.com/show_bug.cgi?id=691350

Hyperlink:http://bugs.ghostscript.com/show_bug.cgi?id=691350

External Source: CONFIRM

Name: http://bugs.ghostscript.com/show_bug.cgi?id=691339

Hyperlink:http://bugs.ghostscript.com/show_bug.cgi?id=691339

External Source: CONFIRM

Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316

Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316

External Source: CONFIRM

Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183

Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183