ID CVE-2010-2055
Summary Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript_fonts:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript_fonts:8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.54:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.60:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.61:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.62:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.63:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.70:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:-:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:gpl_ghostscript:8.71:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 09-01-2015 - 23:44)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
Vector Complexity Authentication
LOCAL LOW NONE
Impact
Confidentiality Integrity Availability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2012:0095
rpms
  • ghostscript-0:8.70-6.el5_7.6
  • ghostscript-devel-0:8.70-6.el5_7.6
  • ghostscript-gtk-0:8.70-6.el5_7.6
  • ghostscript-0:8.70-11.el6_2.6
  • ghostscript-devel-0:8.70-11.el6_2.6
  • ghostscript-doc-0:8.70-11.el6_2.6
  • ghostscript-gtk-0:8.70-11.el6_2.6
refmap via4
bugtraq
  • 20100522 Ghostscript 8.64 executes random code at startup
  • 20100526 Re: Ghostscript 8.64 executes random code at startup
confirm
fedora
  • FEDORA-2010-10642
  • FEDORA-2010-10660
gentoo GLSA-201412-17
osvdb 66247
secunia
  • 40452
  • 40475
  • 40532
suse SUSE-SR:2010:014
vupen ADV-2010-1757
Last major update 09-01-2015 - 23:44
Published 22-07-2010 - 05:43