Detections
Analytics
Debian DSA-2093-1 : ghostscript - several vulnerabilities
high Nessus Plugin ID 48386
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2009-4897 A buffer overflow was discovered that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF document containing a long name.
- CVE-2010-1628 Dan Rosenberg discovered that ghostscript incorrectly handled certain recursive Postscript files. An attacker could execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.
Solution
Upgrade the ghostscript package.For the stable distribution (lenny), these problems have been fixed in version 8.62.dfsg.1-3.2lenny5
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584516
https://security-tracker.debian.org/tracker/CVE-2009-4897
Plugin Details
Severity: High
ID: 48386
File Name: debian_DSA-2093.nasl
Version: 1.9
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 8/23/2010
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:ghostscript, cpe:/o:debian:debian_linux:5.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/19/2010
Reference Information
CVE: CVE-2009-4897, CVE-2010-1628
DSA: 2093