EulerOS Virtualization 2.5.2 : ghostscript (EulerOS-SA-2019-1087)

high Nessus Plugin ID 122709

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.(CVE-2018-10194)

- In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.(CVE-2018-15910)

- An issue was discovered in Artifex Ghostscript before 9.24. Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction.(CVE-2018-16509)

- In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.(CVE-2018-16542)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected ghostscript packages.

See Also

http://www.nessus.org/u?4d34b5ca

Plugin Details

Severity: High

ID: 122709

File Name: EulerOS_SA-2019-1087.nasl

Version: 1.8

Type: local

Published: 3/8/2019

Updated: 6/14/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-16509

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:huawei:euleros:uvp:2.5.2, p-cpe:/a:huawei:euleros:ghostscript

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/7/2019

Exploitable With

Metasploit (Ghostscript Failed Restore Command Execution)

Reference Information

CVE: CVE-2018-10194, CVE-2018-15910, CVE-2018-16509, CVE-2018-16542