Detections
Analytics
Scientific Linux Security Update : ghostscript on SL6.x, SL7.x i386/x86_64 (20170512)
high Nessus Plugin ID 100173
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
Security Fix(es) :- It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 100173
File Name: sl_20170512_ghostscript_on_SL6_x.nasl
Version: 3.8
Type: local
Agent: unix
Published: 5/15/2017
Updated: 5/25/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:ghostscript, p-cpe:/a:fermilab:scientific_linux:ghostscript-debuginfo, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:ghostscript-devel, p-cpe:/a:fermilab:scientific_linux:ghostscript-gtk, p-cpe:/a:fermilab:scientific_linux:ghostscript-doc, p-cpe:/a:fermilab:scientific_linux:ghostscript-cups
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/12/2017
Vulnerability Publication Date: 4/27/2017
CISA Known Exploited Vulnerability Due Dates: 6/14/2022
Reference Information
CVE: CVE-2017-8291