Synopsis:
Ghostscript is an interpreter for Adobe PostScript and PDF page descriptions. It is widely used across PDF editing and viewing software.
Vulnerability:
It consists of a -dSAFER sandbox bypass vulnerability, which would allow unauthenticated attackers to achieve remote code execution and run arbitrary commands.
This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick, GraphicsMagick, evince, Okular, Nautilus, and all PDF editing or viewing software.
Remediation:
According to security experts, the most effective protection against this vulnerability is to remove Ghostscript until a proper fix is available.
However, please remove it at your own risk, after consulting the Network/Security analyst in your organization.
Here are the steps for Windows, Mac and Linux.
We are providing scripts in our templates for this vulnerability.
These can be used either to detect only, or to detect and delete, the package that causes this vulnerability.
Script Names:
- For Windows: GhostscriptVulnerabilityForWindows.exe
- For Mac: GhostscriptVulnerabilityForMac.sh
- For Linux (DEB based OS - Ubuntu, Debian, Linux Mint, etc): GhostscriptVulnerabilityForLinuxDeb.sh
- For Linux (RPM based OS - Red Hat, CentOS, Fedora, etc): GhostscriptVulnerabilityForLinuxRpm.sh
These scripts can be found in the Script Repository -> Templates View [kindly refer to the attached snapshot for better clarity].
For Detection and Deletion:
By default, this script performs both the detection and the deletion of the ghostscript package/software that causes this vulnerability.
The customer can create a custom script configuration and deploy it onto the machines. The result will be as follows:
If the machine does not have the vulnerability, or the package has been successfully uninstalled, then the script will return as Successfully executed.
If there was any failure during the uninstallation, then the script will return as Failed.
For Detection alone:
If the customer only wants to detect the machines which have the ghostscript package, but not delete it, they can provide the script argument 'detect' (all lowercase) to get the desired outcome.
If the machine does not have the vulnerability, then the script will return as Successfully executed.
If the machine has this vulnerability, then the script will return as Failed.
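For readers who want to see what a detect-only check involves on Linux and Mac, the following is an added example, not one of the template scripts named above. It assumes the package is named ghostscript and the binary gs; the function names are hypothetical, and exit codes 0 and 1 stand in for Successfully executed and Failed.

```shell
#!/bin/sh
# Added example, not the vendor's template script. Detect-only: nothing is removed.
# Assumption: exit 0 maps to "Successfully executed", exit 1 to "Failed".

# Interpret the ${Status} field that dpkg-query prints for a package.
# Only "install ok installed" means the files are on disk; a removed package
# with leftover configuration reports "deinstall ok config-files".
dpkg_status_is_installed() {
    [ "$1" = "install ok installed" ]
}

# Return 0 if Ghostscript is found by any method, 1 otherwise.
ghostscript_present() {
    if command -v dpkg-query >/dev/null 2>&1; then
        status=$(dpkg-query -W -f='${Status}' ghostscript 2>/dev/null) || status=""
        if dpkg_status_is_installed "$status"; then return 0; fi
    fi
    if command -v rpm >/dev/null 2>&1; then
        if rpm -q ghostscript >/dev/null 2>&1; then return 0; fi
    fi
    # Source builds and Mac installs are not tracked by dpkg or rpm.
    if command -v gs >/dev/null 2>&1; then return 0; fi
    return 1
}

# Detect mode as described above: succeed when absent, fail when present.
detect_report() {
    if ghostscript_present; then
        echo "ghostscript found on $(uname -n)"
        return 1
    fi
    echo "ghostscript not found"
    return 0
}

# Run only when called with the 'detect' argument.
if [ "${1:-}" = "detect" ]; then
    detect_report
    exit $?
fi
```

The fallback to the gs binary matters because applications such as ImageMagick may call a Ghostscript that was installed outside the package manager.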