Full Disclosure mailing list archives
Re: Multiple memory corruption vulnerabilities in Ghostscript
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Wed, 12 May 2010 00:37:55 -0400
On Tue, May 11, 2010 at 11:44 PM, Marsh Ray <marsh () extendedsubset com> wrote:
> How are you supposed to trust a document before you read it?! Judge it by its cover perhaps?
Unfortunately, there are few options for mitigation in a scenario like this. While I understand the importance of Ghostscript in many setups, this situation comes down to a question of security versus functionality. In encouraging users to "avoid processing untrusted PostScript files", I was referring to the act of opening PostScript files from unknown or untrusted sources, as opposed to people you know or websites you trust. Perhaps the best thing to do would be to put pressure on the Ghostscript developers to release a fix for these issues. Despite the fact that these issues were reported months ago, I have opened a new entry in their Bugzilla tonight, which you can follow if you're interested in their progress on a fix: http://bugs.ghostscript.com/show_bug.cgi?id=691295 The disclosure of these bugs without a fix is unfortunate, but the fact that two researchers discovered the same vulnerability independently should suggest that it is the type of bug that may be being exploited in the wild.
> Ghostscript is an important part of most Linux systems out there. If you remove Ghostscript, you remove the ability to print in most cases. The advice to avoid opening unknown PS files is good.
>
> Unless you're a printer.
This is absolutely true, which is why concerned administrators may want to restrict the ability of users to print PostScript documents if they're worried about these bugs. The potential for exploitation in this case seems real but somewhat low: either a trusted user would need to print a maliciously crafted document without first viewing it, or an untrusted user already has access to your printer, which might suggest other problems.
> Last I checked (a long long time ago), PDF wasn't a Turing-complete programming language like PostScript, so it wouldn't allow recursion needed for this flaw. Maybe that's why they couldn't resist adding JavaScript to it.
>
> If such an attack is possible with a PDF, the flaw is potentially much more serious.
>
> Well, I need to read 'em both.
>
> - Marsh
You are correct that PDF lacks the recursion needed to exploit the second flaw. Plus, the PostScript interpreter is a separate component of Ghostscript from PDF rendering, so there's no reason to assume that a bug in PostScript would affect PDF or vice versa. I've confirmed that Ghostscript is not vulnerable to the PDF equivalent of the described stack overflow.

-Dan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
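The advice in this thread (let PDF through, refuse PostScript unless it comes from a trusted source) is simple to state but easy to get wrong if the gate keys on file extensions, since Ghostscript decides what to do from the bytes, not the name. What follows is an added example, not code from the thread or from the Ghostscript project: a small content sniffer that classifies a blob as PostScript, DOS EPS, PDF or unknown from its leading bytes, and a policy function that fails closed. The function names, the 1024-byte window for the PDF header (the PDF specification's allowance for junk before "%PDF-"), and all sample inputs are my own constructions.

```python
"""
Content gate for a Ghostscript-backed ingestion path (print spooler
front-end, thumbnailer, mail gateway). Added example; names and samples
are assumptions, not part of Ghostscript or the original advisory.
"""
import struct

# DOS EPS binary container (Adobe EPS spec): four magic bytes, then
# little-endian 32-bit offset/length pairs for the PS, WMF and TIFF
# sections, then a 16-bit checksum. 30 bytes in total.
DOS_EPS_MAGIC = b"\xC5\xD0\xD3\xC6"
DOS_EPS_HEADER_LEN = 30

# The PDF specification tolerates up to 1024 bytes of junk before "%PDF-".
PDF_HEADER_WINDOW = 1024


def classify_document(data: bytes) -> str:
    """Return 'postscript', 'pdf' or 'unknown' from the leading bytes only."""
    # Plain PostScript: a "%!" comment at byte 0 ("%!PS-Adobe-3.0", "%!PS").
    if data.startswith(b"%!"):
        return "postscript"

    # DOS EPS wrapper: binary header in front of a PostScript section.
    if data.startswith(DOS_EPS_MAGIC):
        if len(data) < DOS_EPS_HEADER_LEN:
            return "unknown"  # truncated container: refuse to guess
        ps_offset, ps_length = struct.unpack_from("<II", data, 4)
        section = data[ps_offset:ps_offset + ps_length]
        return "postscript" if section.startswith(b"%!") else "unknown"

    # PDF: header may be preceded by junk, but must sit in the first 1024 bytes.
    if b"%PDF-" in data[:PDF_HEADER_WINDOW]:
        return "pdf"

    return "unknown"


def allow_for_ghostscript(data: bytes, trusted_source: bool) -> bool:
    """Policy from the thread: trusted sources may submit anything,
    untrusted sources only PDF. 'unknown' is refused for untrusted input
    because Ghostscript interprets anything it does not recognise as
    PostScript, so a header-less blob is still a PostScript program to gs."""
    if trusted_source:
        return True
    return classify_document(data) == "pdf"


def make_dos_eps(ps: bytes) -> bytes:
    """Wrap PostScript in a DOS EPS binary header (constructed test helper)."""
    header = (DOS_EPS_MAGIC
              + struct.pack("<IIIIII", DOS_EPS_HEADER_LEN, len(ps), 0, 0, 0, 0)
              + b"\xff\xff")
    assert len(header) == DOS_EPS_HEADER_LEN
    return header + ps


# Constructed sample inputs (not real documents).
SAMPLE_PS = b"%!PS-Adobe-3.0\n%%Pages: 1\n0 0 moveto showpage\n"
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SAMPLE_PDF_WITH_JUNK = b"\r\n" * 8 + b"garbage-before-header\n" + SAMPLE_PDF
SAMPLE_HEADERLESS_PS = b"0 0 moveto 100 100 lineto stroke showpage\n"
SAMPLE_DOS_EPS = make_dos_eps(SAMPLE_PS)

if __name__ == "__main__":
    for name, blob in [("ps", SAMPLE_PS), ("pdf", SAMPLE_PDF),
                       ("pdf+junk", SAMPLE_PDF_WITH_JUNK),
                       ("headerless", SAMPLE_HEADERLESS_PS),
                       ("dos-eps", SAMPLE_DOS_EPS)]:
        kind = classify_document(blob)
        untrusted_ok = allow_for_ghostscript(blob, trusted_source=False)
        print(f"{name:12s} -> {kind:10s} untrusted allowed: {untrusted_ok}")
```

The gate only reproduces the split the thread describes; it does not make PostScript safe, and a PDF that passes is still handed to the same Ghostscript binary. The one design point worth keeping is the fail-closed branch: an input the sniffer cannot name must be refused from untrusted sources, because gs will run it as PostScript.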
Current thread:
- Multiple memory corruption vulnerabilities in Ghostscript Dan Rosenberg (May 11)
- Re: Multiple memory corruption vulnerabilities in Ghostscript Peter Besenbruch (May 11)
- Re: Multiple memory corruption vulnerabilities in Ghostscript Marsh Ray (May 11)
- Re: Multiple memory corruption vulnerabilities in Ghostscript Dan Rosenberg (May 11)
- Re: Multiple memory corruption vulnerabilities in Ghostscript Marsh Ray (May 11)
- Re: Multiple memory corruption vulnerabilities in Ghostscript Peter Besenbruch (May 11)