oss-sec mailing list archives

Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284

From: Jordan Glover <Golden_Miller83 () protonmail ch>
Date: Thu, 18 Oct 2018 10:51:25 +0000

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, October 17, 2018 10:48 PM, Tavis Ormandy <taviso () google com> wrote:

Apparently it wasn't clear that this allowed reading and writing of arbitrary files, here is a full exploit (I just 
modified the CVE-2018-17961 exploit).

$ convert executeonly-bypass.pdf exploit.jpg
$ tail -1 ~/.bashrc
echo pwned by postscript

Thanks, Tavis.


Do you know if upstream is going to make new release soon or distros should take the
pain and backport all of those themselves?

Current thread:

ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
  - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
    - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
    - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
  - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
    - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
  - Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
    - Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
    - Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)