EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-2436)

medium Nessus Plugin ID 207207

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.(CVE-2024-29510)

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.(CVE-2024-33870)

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.(CVE-2024-33869)

Tenable has extracted the preceding description block directly from the EulerOS ghostscript security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected ghostscript packages.

See Also

http://www.nessus.org/u?54c00308

Plugin Details

Severity: Medium

ID: 207207

File Name: EulerOS_SA-2024-2436.nasl

Version: 1.5

Type: local

Published: 9/12/2024

Updated: 11/15/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:P

CVSS Score Source: CVE-2024-33870

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:ghostscript, cpe:/o:huawei:euleros:2.0, p-cpe:/a:huawei:euleros:ghostscript-help

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/11/2024

Vulnerability Publication Date: 6/13/2024

Exploitable With

Metasploit (Ghostscript Command Execution via Format String)

Reference Information

CVE: CVE-2024-29510, CVE-2024-33869, CVE-2024-33870

IAVB: 2024-B-0074-S