GS-Common PS2Epsi Insecure Temporary File Vulnerability

info
discussion
exploit
solution
references

GS-Common PS2Epsi Insecure Temporary File Vulnerability

The ps2espi script included with gs-common creates temporary files in an insecure manner when invoking Ghostscript. A malicious local user could exploit this condition to create a symbolic link that could corrupt any local file which is writeable by the user invoking the vulnerable script.