exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 61 RSS Feed

Files

safer.000317.EXP.1.5
Posted Apr 20, 2000

S.A.F.E.R. Security Bulletin 000317.EXP.1.5 - Remote user can obtain list of directories on Netscape. Netscape Enterprise Server with 'Web Publishing' enabled can be tricked into displaying the list of directories and subdirectories, if user supplies certain 'tags'.

tags | remote, web
SHA-256 | 28a1f7d9a52e29f7b6c7169a7703161db67a48f4e7b0b0a67e10192242dcf897

Related Files

Ghostscript Command Execution / Format String
Posted Jul 22, 2024
Authored by Thomas Rinsma, Christophe de la Fuente | Site metasploit.com

This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offsets adjustment will probably be needed to make it work with other versions.

tags | exploit, arbitrary
advisories | CVE-2024-29510
SHA-256 | 3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8
Ubuntu Security Notice USN-6835-1
Posted Jun 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6835-1 - It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. Thomas Rinsma discovered that Ghostscript did not prevent changes to uniprint device argument strings after SAFER is activated, resulting in a format-string vulnerability. An attacker could possibly use this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-52722, CVE-2024-29510, CVE-2024-33869, CVE-2024-33870, CVE-2024-33871
SHA-256 | acc0b08a84cf2003c72bba80c8e2de0ecc271d27da321022690b5bb56fa5b4ca
Debian Security Advisory 5383-1
Posted Apr 6, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5383-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2023-28879
SHA-256 | 20839c97303e76e3135923bb933c5080afa93fabe4f74944a7392a4cbea91788
Debian Security Advisory 4972-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4972-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2021-3781
SHA-256 | efae9a961b56c9384742b0eb52f6aecb392a18a59c1e854ecd4ad068889fe62b
Microsoft SAFER Bypass
Posted Apr 30, 2021
Authored by Stefan Kanthak

A new SAFER bypass was discovered that affects older versions of windows.

tags | exploit
systems | windows
SHA-256 | af2bc8f393023dfcfdbaf3b86d4f45468c9560916410eab2deed331e64585960
Debian Security Advisory 4569-1
Posted Nov 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4569-1 - Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

tags | advisory
systems | linux, debian
advisories | CVE-2019-14869
SHA-256 | bbdc2afd872ceca391983d93c13437185b49088b9305b351976f9109a0048103
Debian Security Advisory 4518-1
Posted Sep 10, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4518-1 - It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

tags | advisory
systems | linux, debian
advisories | CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
SHA-256 | 145f9c1b7d37a2435ecc8ada24a5b7dea021655f4518162354a060565c6a9866
Ubuntu Security Notice USN-4111-1
Posted Aug 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4111-1 - Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when -dSAFER restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14811
SHA-256 | 1d8927fb5ab42e83bac5c9d5b553f9406fcbe964befd3851ce63f6117f2e091d
Debian Security Advisory 4499-1
Posted Aug 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4499-1 - Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

tags | advisory
systems | linux, debian
advisories | CVE-2019-10216
SHA-256 | dce42f1c15de7b1def39503e6664bd55afc37a0c207e79ef301442185c7d0bb2
Ubuntu Security Notice USN-4092-1
Posted Aug 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4092-1 - Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10216
SHA-256 | 045ac04ad356601247612be2e749f35a0449a3404a1e8cfb4ce8f03d6b8d64f0
Debian Security Advisory 4442-1
Posted May 13, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4442-1 - A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the - -dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2019-3839
SHA-256 | 99a97cb459e6cee554bbe1c498c6e25b188b1e4aacaea903dd842c71bcd69ba7
Debian Security Advisory 4432-1
Posted Apr 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4432-1 - Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2019-3835, CVE-2019-3838
SHA-256 | 51784f8be1c1e386af3b69b6266e3d0c02983e49cdfd148d34f4341856f0003c
Debian Security Advisory 4372-1
Posted Jan 26, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4372-1 - Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2019-6116
SHA-256 | b0892cae89455b1500d748194287668356da154746a396a174c05197889b74fc
Debian Security Advisory 4346-1
Posted Nov 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477
SHA-256 | 31d5f9ccd80e2ae52f634417dc51d4efec799681af5b520ee3732b3908bb345d
Debian Security Advisory 4336-1
Posted Nov 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4336-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-11645, CVE-2018-17961, CVE-2018-18073, CVE-2018-18284
SHA-256 | 7e05b4b5b1f00eff8bded029cb3e5ca4e7b8b42b276d38f2c46ed503799239a9
gsview -dSAFER Not Used
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

gsview does not run -dSAFER, allowing for the execution of arbitrary code.

tags | advisory, arbitrary
SHA-256 | 6a94b056b7d504ce2307bdccc8d5e12f15fcf4dca1e0b3b87b1b2cb5cbff9723
Debian Security Advisory 4294-1
Posted Sep 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4294-1 - Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2018-16509, CVE-2018-16802
SHA-256 | 45e8cc03f17d1c003d8c0c70b9c56bf113fa26a077c1c2d1be4862854c7547b1
Debian Security Advisory 4288-1
Posted Sep 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4288-1 - Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-15908, CVE-2018-15910, CVE-2018-15911, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543, CVE-2018-16585
SHA-256 | 18477014cefbdf337a9cab3834d2efb00fdbcfefed3231b01296b4569db49fa3
Ghostscript Failed Restore Command Execution
Posted Sep 6, 2018
Authored by Tavis Ormandy, wvu | Site metasploit.com

This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscript.

tags | exploit, arbitrary
advisories | CVE-2018-16509
SHA-256 | 9a18d75e03ae94b3478787aa8898389327fe3597f03bcf6872c9a239283731ae
Ubuntu Security Notice USN-3272-2
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10217, CVE-2016-10219, CVE-2017-8291
SHA-256 | 89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49
Red Hat Security Advisory 2017-1230-01
Posted May 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1230-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-8291
SHA-256 | b65e6e58ed27babdee15105ea19a10437baad7a98432bf586ba47d5a3562cd81
Ubuntu Security Notice USN-3272-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3272-1 - It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10217, CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291
SHA-256 | 4015e0f3946b15d5f86b1f9f2e921a3c57df6d8cc654f08da49a0578dcfed0a9
Red Hat Security Advisory 2017-0014-01
Posted Jan 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0014-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target.

tags | advisory, info disclosure
systems | linux, redhat
advisories | CVE-2013-5653, CVE-2016-7977, CVE-2016-7979, CVE-2016-8602
SHA-256 | aa2fdec27486c01f7209535c9535208b6744bca79637e6dd48f51898e9bc84bd
Red Hat Security Advisory 2017-0013-01
Posted Jan 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0013-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target.

tags | advisory, info disclosure
systems | linux, redhat
advisories | CVE-2013-5653, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602
SHA-256 | 9c327c514fa6a634470cfb80a3fde3bfbb23360a42fb8ebe4816afd86c9d6859
Ghostscript -dSAFER Not Working
Posted Oct 2, 2016
Authored by Tavis Ormandy, Google Security Research

The ghostscript -dSAFER parameter that is used when handling untrusted documents appears broken on multiple distributions. This could result in arbitrary file disclosure on systems that process pdf, ps, use ImageMagick or graphicsmagick, etc.

tags | exploit, arbitrary
SHA-256 | dc280411e56c7501d5d20a65fe970344a58ad204857dc30600a3ba1be43070e4
Page 1 of 3
Back123Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close