ArchLinux: 202109-3: ghostscript: arbitrary command execution | Lin...

Advisories

Arch Linux Security Advisory ASA-202109-3
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-3781
Package : ghostscript
Type    : arbitrary command execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2374

Summary
=======

The package ghostscript before version 9.54.0-3 is vulnerable to
arbitrary command execution.

Resolution
==========

Upgrade to 9.54.0-3.

# pacman -Syu "ghostscript>=9.54.0-3"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A trivial sandbox (enabled with the -dSAFER option) escape security
issue was found in the ghostscript interpreter by injecting a specially
crafted pipe command. This flaw allows a specially crafted document to
execute arbitrary commands on the system in the context of the
ghostscript interpreter.

Impact
======

An attacker could execute arbitrary commands through crafted documents,
bypassing the interpreter's sandbox.

References
==========

https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://bugs.ghostscript.com/show_bug.cgi?id=704342
https://twitter.com/emil_lerner/status/1430502815181463559
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
https://security.archlinux.org/CVE-2021-3781

ArchLinux: 202109-3: ghostscript: arbitrary command execution

September 15, 2021
The package ghostscript before version 9.54.0-3 is vulnerable to arbitrary command execution

Summary

A trivial sandbox (enabled with the -dSAFER option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter.

Resolution

Upgrade to 9.54.0-3.
# pacman -Syu "ghostscript>=9.54.0-3"
The problem has been fixed upstream but no release is available yet.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://bugs.ghostscript.com/show_bug.cgi?id=704342 https://twitter.com/emil_lerner/status/1430502815181463559 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20 https://security.archlinux.org/CVE-2021-3781

Severity
CVE-ID : CVE-2021-3781
Package : ghostscript
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-2374

Impact

An attacker could execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox.

Workaround

None.

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.