CVE-2019-6116

Published: 21/03/2019 | Updated: 24/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Artifex Ghostscript up to and including 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Vendor Advisories

Synopsis: Important: ghostscript security update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file ...
Synopsis: Important: ghostscript security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: ghostscript security update. Type/Severity: Security Advisory: Important. Topic: An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Impact: Important Public Date: 2019-01-23 Bugzilla: 1666636: CVE-2019-6116 ghostscript: subroutines with ...
Arch Linux Security Advisory ASA-201901-18. Severity: High. Date: 2019-01-29. CVE-ID: CVE-2019-6116. Package: ghostscript. Type: sandbox escape. Remote: Yes. Link: security.archlinux.org/AVG-860. Summary: The package ghostscript before version 9.26-2 is vulnerable to sandbox esca ...
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands ...
Arch Linux Security Advisory ASA-201904-5. Severity: High. Date: 2019-04-11. CVE-ID: CVE-2019-3835 CVE-2019-3838. Package: ghostscript. Type: sandbox escape. Remote: Yes. Link: security.archlinux.org/AVG-929. Summary: The package ghostscript before version 9.27-1 is vulnerable to ...
Oracle Linux Bulletin - Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bu ...

Exploits

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript:
    /hello { (hello\n) print } def
That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as executeonly if you're using system operators. Tha ...

Mailing Lists

Debian Security Advisory DSA-4372-1 | security () debian org | www.debian.org/security/ | Salvatore Bonaccorso | January 26, 2019 | www.debian.org/security/faq ...
[slackware-security] ghostscript (SSA:2019-092-01). New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ghostscript-9.26-i586-1_slack14.2.txz: Upgraded ...
Hi, This is to disclose 2 vulnerabilities in ghostscript (ghostscript.com/). 1- CVE-2019-3835 ghostscript: superexec operator is available. It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system o ...

Github Repositories

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications. This repository contains the data for the paper "CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications". This submitted artifact only consists of the data we used in section 3, which includes the raw traces (in text format, abou

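Information gathering; host information gathering; sensitive directory and file collection; directory brute-forcing; wordlists; BurpSuite; search engine syntax; Google Hack; DuckDuckgo (can search sites such as Weibo and Renren that block the mainstream search engines); Bing; JS files leaking admin panel or API information; quick search of third-party resources; findjs; robots.txt; accessible directories (autoindex); IIS short file names; IIS-ShortName-Scanner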

References

NVD-CWE-noinfo
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
http://www.openwall.com/lists/oss-security/2019/01/23/5
http://www.openwall.com/lists/oss-security/2019/03/21/1
http://www.securityfocus.com/bid/106700
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2019:0229
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
https://bugs.ghostscript.com/show_bug.cgi?id=700317
https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://seclists.org/bugtraq/2019/Apr/4
https://security.gentoo.org/glsa/202004-03
https://usn.ubuntu.com/3866-1/
https://www.debian.org/security/2019/dsa-4372
https://www.exploit-db.com/exploits/46242/
https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2019-6116
https://nvd.nist.gov