CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/511476
http://www.securityfocus.com/archive/1/511472	Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
http://secunia.com/advisories/40475	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1757	Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
https://bugzilla.novell.com/show_bug.cgi?id=608071
http://www.securityfocus.com/archive/1/511474	Exploit
http://secunia.com/advisories/40452	Vendor Advisory
http://bugs.ghostscript.com/show_bug.cgi?id=691339	Exploit
http://www.osvdb.org/66247
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
https://bugzilla.redhat.com/show_bug.cgi?id=599564	Patch
http://www.securityfocus.com/archive/1/511433
http://bugs.ghostscript.com/show_bug.cgi?id=691350
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
http://secunia.com/advisories/40532	Vendor Advisory
http://savannah.gnu.org/forum/forum.php?forum_id=6368
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
https://rhn.redhat.com/errata/RHSA-2012-0095.html
http://security.gentoo.org/glsa/glsa-201412-17.xml

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:artifex:afpl_ghostscript:7.03:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:7.00:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:6.50:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:6.01:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.01:::::::*
	cpe:2.3:a:artifex:ghostscript_fonts:6.0:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.62:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.63:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.14:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.13:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.12:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.54:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.54:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.15:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:7.04:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.50:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.56:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.52:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.57:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.51:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.00:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.61:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.53:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:6.0:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript::::::::
	cpe:2.3:a:artifex:gpl_ghostscript:8.50:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.64:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.70:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.60:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.11:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.51:::::::*
	cpe:2.3:a:artifex:ghostscript_fonts:8.11:::::::*

Information

Published : 2010-07-21 22:43

Updated : 2015-01-09 15:44

NVD link : CVE-2010-2055

Mitre link : CVE-2010-2055

JSON object : View

CWE

CWE-17

DEPRECATED: Code

Products Affected

artifex

afpl_ghostscript
ghostscript_fonts
gpl_ghostscript

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/511476", "name": "20100526 Re: Ghostscript 8.64 executes random code at startup", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/511472", "name": "20100526 Re: Ghostscript 8.64 executes random code at startup", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html", "name": "FEDORA-2010-10642", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/40475", "name": "40475", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/1757", "name": "ADV-2010-1757", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=608071", "name": "https://bugzilla.novell.com/show_bug.cgi?id=608071", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/archive/1/511474", "name": "20100526 Re: Ghostscript 8.64 executes random code at startup", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://secunia.com/advisories/40452", "name": "40452", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339", "name": "http://bugs.ghostscript.com/show_bug.cgi?id=691339", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/66247", "name": "66247", "tags": [], "refsource": "OSVDB"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=599564", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/archive/1/511433", "name": "20100522 Ghostscript 8.64 executes random code at startup", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691350", "name": "http://bugs.ghostscript.com/show_bug.cgi?id=691350", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html", "name": "FEDORA-2010-10660", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/40532", "name": "40532", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6368", "name": "http://savannah.gnu.org/forum/forum.php?forum_id=6368", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "name": "SUSE-SR:2010:014", "tags": [], "refsource": "SUSE"}, {"url": "https://rhn.redhat.com/errata/RHSA-2012-0095.html", "name": "RHSA-2012:0095", "tags": [], "refsource": "REDHAT"}, {"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml", "name": "GLSA-201412-17", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-17"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2055", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-07-22T05:43Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:ghostscript_fonts:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.71"}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:gpl_ghostscript:8.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artifex:ghostscript_fonts:8.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-01-09T23:44Z"}

7.2 /10