• info
• discussion
• exploit
• solution
• references

Ghostscript PostScript File Arbitrary Command Execution Vulnerability

Solution:
HP has advised applying the fixes described in Red Hat Advisory RHSA-2002:083 to HP Secure OS.

Fixes available:


Aladdin Enterprises Ghostscript 6.51

• Caldera ghostscript-6.51-10.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ ghostscript-6.51-10.i386.rpm


• Caldera ghostscript-doc-6.51-10.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ ghostscript-doc-6.51-10.i386.rpm


• Caldera ghostscript-fonts-6.51-10.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ ghostscript-fonts-6.51-10.i386.rpm


• Caldera ghostscript-fonts-cid-6.51-10.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ ghostscript-fonts-cid-6.51-10.i386.rpm

Aladdin Enterprises Ghostscript 6.52

• Red Hat ghostscript-6.51-16.1.6x.1.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/ghostscript-6.51-16.1.6x.1.al pha.rpm


• Red Hat ghostscript-6.51-16.1.6x.1.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/ghostscript-6.51-16.1.6x.1.i38 6.rpm


• Red Hat ghostscript-6.51-16.1.6x.1.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/ghostscript-6.51-16.1.6x.1.sp arc.rpm


• Red Hat ghostscript-6.51-16.1.7x.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/ghostscript-6.51-16.1.7x.alph a.rpm


• Red Hat ghostscript-6.51-16.1.7x.alpha.rpm
  ftp://updates.redhat.com/7.1/en/os/alpha/ghostscript-6.51-16.1.7x.alph a.rpm


• Red Hat ghostscript-6.51-16.1.7x.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/ghostscript-6.51-16.1.7x.i386. rpm


• Red Hat ghostscript-6.51-16.1.7x.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/ghostscript-6.51-16.1.7x.i386. rpm


• Red Hat ghostscript-6.51-16.1.7x.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/ghostscript-6.51-16.1.7x.ia64. rpm


• Red Hat ghostscript-6.51-16.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/ghostscript-6.51-16.2.i386.rpm


• Red Hat ghostscript-6.51-16.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/ghostscript-6.51-16.2.ia64.rpm


• Red Hat ghostscript-6.52-9.4.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/ghostscript-6.52-9.4.i386.rpm


• Red Hat printconf-0.3.61-4.1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/printconf-0.3.61-4.1.i386.rpm


• Red Hat printconf-0.3.61-4.1.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/printconf-0.3.61-4.1.ia64.rpm


• Red Hat printconf-gui-0.3.61-4.1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/printconf-gui-0.3.61-4.1.i386. rpm


• Red Hat printconf-gui-0.3.61-4.1.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/printconf-gui-0.3.61-4.1.ia64. rpm


• Red Hat VFlib2-2.25.1-11.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/VFlib2-2.25.1-11.6x.alpha.rpm


• Red Hat VFlib2-2.25.1-11.6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/VFlib2-2.25.1-11.6x.i386.rpm


• Red Hat VFlib2-2.25.1-11.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/VFlib2-2.25.1-11.6x.sparc.rpm


• Red Hat VFlib2-2.25.1-12.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/VFlib2-2.25.1-12.alpha.rpm


• Red Hat VFlib2-2.25.1-12.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/VFlib2-2.25.1-12.i386.rpm


• Red Hat VFlib2-devel-2.25.1-11.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/VFlib2-devel-2.25.1-11.6x.alp ha.rpm


• Red Hat VFlib2-devel-2.25.1-11.6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/VFlib2-devel-2.25.1-11.6x.i386 .rpm


• Red Hat VFlib2-devel-2.25.1-11.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/VFlib2-devel-2.25.1-11.6x.spa rc.rpm


• Red Hat VFlib2-devel-2.25.1-12.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/VFlib2-devel-2.25.1-12.alpha. rpm


• Red Hat VFlib2-devel-2.25.1-12.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/VFlib2-devel-2.25.1-12.i386.rp m


• Red Hat VFlib2-VFjfm-2.25.1-11.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/VFlib2-VFjfm-2.25.1-11.6x.alp ha.rpm


• Red Hat VFlib2-VFjfm-2.25.1-11.6x.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/VFlib2-VFjfm-2.25.1-11.6x.i386 .rpm


• Red Hat VFlib2-VFjfm-2.25.1-11.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/VFlib2-VFjfm-2.25.1-11.6x.spa rc.rpm


• Red Hat VFlib2-VFjfm-2.25.1-12.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/VFlib2-VFjfm-2.25.1-12.alpha. rpm


• Red Hat VFlib2-VFjfm-2.25.1-12.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/VFlib2-VFjfm-2.25.1-12.i386.rp m


• Red Hat xtt-fonts-0.19990222-8.6x.noarch.rpm
  ftp://updates.redhat.com/6.2/en/os/noarch/xtt-fonts-0.19990222-8.6x.no arch.rpm


• Red Hat xtt-fonts-0.19990222-9.noarch.rpm
  ftp://updates.redhat.com/7.0/en/os/noarch/xtt-fonts-0.19990222-9.noarc h.rpm