Aladdin Ghostscript Symlink Vulnerability

A vulnerability exists in certain versions of Alladin Ghostscript, a multiplatform PostScript interpreter.

The method used by the program to create temporary files can allow a local user to carry out a symbolic link attack on files elsewhere in the affected host's filesystem. As a result, an attacker could potentially be permitted to read or overwrite sensitive information, (ie /etc/passwd). This could lead to an elevation of privileges, denial of service or further compromise of the target host.


 

Privacy Statement
Copyright 2010, SecurityFocus