| New User, Welcome! Login |
RE: Ghostscript 8.64 executes random code at startup
| From: |
"Michael Wojcik" <Michael Wojcik microfocus com> |
| To: |
<bugtraq securityfocus com> |
| Cc: |
|
| Subject: |
RE: Ghostscript 8.64 executes random code at startup |
| Date: |
Mon - May 31, 2010 01:43 PM |
> From: paul.szabo@sydney.edu.au [mailto:paul.szabo@sydney.edu.au]
> Sent: Sunday, 30 May, 2010 06:50
>
> I also see no -P- and no absolute paths for the ps files mentioned in
> many "gs scripts" e.g. /usr/bin/pdf2dsc or /usr/bin/ps2ascii . Also,
> crappy coding for "GS_EXECUTABLE=gs". Am not sure if these are
> "originally gs" or "Debian special".
I believe they're all part of the standard Ghostscript distribution; at
any rate, they're in the Windows Ghostscript distribution I have
installed here.
The Windows scripts (gs*\lib\*.bat) are similarly vulnerable: no use of
-P-, and letting the executable name be overridden by an environment
variable.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
