CVE-2004-0967

Description

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

Affected products

• aladdin_enterprises / ghostscript4.3 – 4.3
• aladdin_enterprises / ghostscript4.3.2 – 4.3.2
• aladdin_enterprises / ghostscript5.10.10 – 5.10.10
• aladdin_enterprises / ghostscript5.10.10 – 5.10.10
• aladdin_enterprises / ghostscript5.10.10_1 – 5.10.10_1
• aladdin_enterprises / ghostscript5.10.10_1 – 5.10.10_1
• aladdin_enterprises / ghostscript5.10.12cl – 5.10.12cl
• aladdin_enterprises / ghostscript5.10.15 – 5.10.15
• aladdin_enterprises / ghostscript5.10.16 – 5.10.16
• aladdin_enterprises / ghostscript5.10cl – 5.10cl
• aladdin_enterprises / ghostscript5.50 – 5.50
• aladdin_enterprises / ghostscript5.50.8 – 5.50.8
• aladdin_enterprises / ghostscript5.50.8_7 – 5.50.8_7
• aladdin_enterprises / ghostscript6.51 – 6.51
• aladdin_enterprises / ghostscript6.52 – 6.52
• aladdin_enterprises / ghostscript6.53 – 6.53
• aladdin_enterprises / ghostscript7.0.4 – 7.0.4
• aladdin_enterprises / ghostscript7.0.5 – 7.0.5
• aladdin_enterprises / ghostscript7.0.6 – 7.0.6
• aladdin_enterprises / ghostscript7.0.7 – 7.0.7

References

• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17583
• VENDOR_ADVISORYhttp://secunia.com/advisories/19799
• MISChttp://www.trustix.org/errata/2004/0050
• VENDOR_ADVISORYhttp://secunia.com/advisories/20056
• MISChttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321
• MISCftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt
• VENDOR_ADVISORYhttp://secunia.com/advisories/16997
• MISChttp://www.redhat.com/support/errata/RHSA-2005-081.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/17135
• VENDOR_ADVISORYhttps://www.ubuntu.com/usn/usn-3-1/
• MISChttp://www.securityfocus.com/bid/11285
• MISCftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt