• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Aladdin Ghostscript Symlink Vulnerability

Solution:
Several Linux vendors have released new versions of the Ghostscript package which address this vulnerability, including Caldera, Debian, Mandrake and Red Hat.

For each vendor, the proper solution is to upgrade to the newer, fixed version.


Aladdin Enterprises Ghostscript 4.3

• Red Hat Inc. 5.2 alpha ghostscript-4.03-2.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/ghostscript-4.03-2.alpha.rpm


• Red Hat Inc. 5.2 i386 ghostscript-4.03-2.i386.rpm
  ftp://updates.redhat.com/5.2/i386/ghostscript-4.03-2.i386.rpm


• Red Hat Inc. 5.2 sparc ghostscript-4.03-2.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/ghostscript-4.03-2.sparc.rpm

Aladdin Enterprises Ghostscript 5.10.10

• Debian 2.2 gs_5.10-10.1_arm
  http://security.debian.org/dists/stable/updates/main/binary-arm/gs_5.1 0-10.1_arm.deb


• Debian 2.2 gs_5.10-10.1_i386
  http://security.debian.org/dists/stable/updates/main/binary-i386/gs_5. 10-10.1_i386.deb


• Debian 2.2 gs_5.10-10.1_m68k
  http://security.debian.org/dists/stable/updates/main/binary-m68k/gs_5. 10-10.1_m68k.deb


• Debian 2.2 gs_5.10-10.1_powerpc
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/gs _5.10-10.1_powerpc.deb


• Debian 2.2 gs_5.10-10.1_sparc
  http://security.debian.org/dists/stable/updates/main/binary-sparc/gs_5 .10-10.1_sparc.deb


• MandrakeSoft 7.0 i386 ghostscript-5.10-17.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ ghostscript-5.10-17.1mdk.i586.rpm

Aladdin Enterprises Ghostscript 5.50

• MandrakeSoft 7.2 i386 ghostscript-5.50-35.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ ghostscript-5.50-35.1mdk.i586.rpm


• Red Hat Inc. 6.2 alpha ghostscript-5.50-8_6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/ghostscript-5.50-8_6.x.alpha.rpm


• Red Hat Inc. 6.2 i386 ghostscript-5.50-8_6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ghostscript-5.50-8_6.x.i386.rpm


• Red Hat Inc. 6.2 sparc ghostscript-5.50-8_6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/ghostscript-5.50-8_6.x.sparc.rpm


• Red Hat Inc. 7.0 i386 ghostscript-5.50-8.i386.rpm
  ftp://updates.redhat.com/7.0/i386/ghostscript-5.50-8.i386.rpm