oss-sec mailing list archives
Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284
From: Jordan Glover <Golden_Miller83 () protonmail ch>
Date: Thu, 18 Oct 2018 10:51:25 +0000
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, October 17, 2018 10:48 PM, Tavis Ormandy <taviso () google com> wrote:
Apparently it wasn't clear that this allowed reading and writing of arbitrary files, here is a full exploit (I just modified the CVE-2018-17961 exploit). $ convert executeonly-bypass.pdf exploit.jpg $ tail -1 ~/.bashrc echo pwned by postscript Thanks, Tavis.
Do you know if upstream is going to make new release soon or distros should take the pain and backport all of those themselves?
Current thread:
- ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)