Ghostscript Symbolic Link Vulnerability
Published: 2000-11-27
Updated: 2000-11-27
Affected systems:
Aladdin Enterprises Ghostscript 5.50
    + RedHat Linux 7.0
    + RedHat Linux 6.2
Aladdin Enterprises Ghostscript 5.10.15
    + Caldera eServer 2.3
    + Caldera eDesktop 2.4
    + Caldera OpenLinux eBuilder 3.0
    + Caldera OpenLinux Desktop 2.3
Aladdin Enterprises Ghostscript 5.10.10
    + MandrakeSoft Linux Mandrake 7.2
    + MandrakeSoft Linux Mandrake 7.1
    + MandrakeSoft Linux Mandrake 7.0
    + MandrakeSoft Linux Mandrake 6.1
    + MandrakeSoft Linux Mandrake 6.0
    + Debian Linux 2.2
Aladdin Enterprises Ghostscript 4.3
    + RedHat Linux 5.2
Unaffected systems:
Aladdin Enterprises Ghostscript 5.50.8
Aladdin Enterprises Ghostscript 5.10.16
Aladdin Enterprises Ghostscript 5.10.10-1
Aladdin Enterprises Ghostscript 4.3.
Description:
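Aladdin Ghostscript is a tool for viewing PostScript files on Linux. Some
versions have a security problem: because of a flaw in the way temporary
files are created, a local attacker can mount a symbolic link attack and may
be able to read or write sensitive files such as /etc/passwd. This can lead
to unauthorized privilege escalation, denial of service and similar consequences.
<* Source: security advisories from Caldera, Debian, Mandrake and Red Hat *>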
Recommendation:
Vendor patches:
The four Linux vendors Caldera, Debian, Mandrake and Red Hat have released upgrade packages:
[ redhat ]
Red Hat Linux 5.2:
alpha:
ftp://updates.redhat.com/5.2/alpha/ghostscript-4.03-2.alpha.rpm
sparc:
ftp://updates.redhat.com/5.2/sparc/ghostscript-4.03-2.sparc.rpm
i386:
ftp://updates.redhat.com/5.2/i386/ghostscript-4.03-2.i386.rpm
sources:
ftp://updates.redhat.com/5.2/SRPMS/ghostscript-4.03-2.src.rpm
Red Hat Linux 6.2:
alpha:
ftp://updates.redhat.com/6.2/alpha/ghostscript-5.50-8_6.x.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/ghostscript-5.50-8_6.x.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/ghostscript-5.50-8_6.x.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/ghostscript-5.50-8_6.x.src.rpm
Red Hat Linux 7.0:
i386:
ftp://updates.redhat.com/7.0/i386/ghostscript-5.50-8.i386.rpm
sources:
ftp://updates.redhat.com/7.0/SRPMS/ghostscript-5.50-8.src.rpm
[ Linux-Mandrake ]
Linux-Mandrake 6.0:
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/ghostscript-5.10-10.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/SRPMS/ghostscript-5.10-10.1mdk.src.rpm
Linux-Mandrake 6.1:
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/ghostscript-5.10-10.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/SRPMS/ghostscript-5.10-10.1mdk.src.rpm
Linux-Mandrake 7.0:
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-5.10-17.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-Both-5.10-17.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-PrintOnly-5.10-17.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-SVGALIB-5.10-17.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-X-5.10-17.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/SRPMS/ghostscript-5.10-17.1mdk.src.rpm
Linux-Mandrake 7.1:
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/ghostscript-5.50-9.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/ghostscript-Both-5.50-9.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/ghostscript-PrintOnly-5.50-9.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/ghostscript-SVGALIB-5.50-9.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/ghostscript-X-5.50-9.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/SRPMS/ghostscript-5.50-9.1mdk.src.rpm
Linux-Mandrake 7.2:
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ghostscript-5.50-35.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ghostscript-module-SVGALIB-5.50-35.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ghostscript-module-X-5.50-35.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ghostscript-utils-5.50-35.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/SRPMS/ghostscript-5.50-35.1mdk.src.rpm
[ Debian ]
Debian GNU/Linux 2.2 alias potato
Source archives:
http://security.debian.org/dists/stable/updates/main/source/gs_5.10-10.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/gs_5.10-10.1.dsc
http://security.debian.org/dists/stable/updates/main/source/gs_5.10.orig.tar.gz
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/gs_5.10-10.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/gs_5.10-10.1_arm.deb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/gs_5.10-10.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/gs_5.10-10.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gs_5.10-10.1_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/gs_5.10-10.1_sparc.deb
[ Caldera Linux ]
See the Caldera security advisory:
http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt