Alladin Ghostscript存在符号连接漏洞发布时间:2000-11-27 更新时间:2000-11-27 严重程度:中 威胁程度:本地拒绝服务 错误类型:竞争条件 利用方式:服务器模式 受影响系统 Aladdin Enterprises Ghostscript 5.50详细描述 Alladin Ghostscript存在一个漏洞,可以让本地用户在建立的临时文件中 建立符号连接并进行攻击。这样导致攻击者可读和写一些敏感信息文件。 测试代码 尚无 解决方案 各系统的补丁: Aladdin Enterprises Ghostscript 5.10.10: Debian upgrade 2.2 gs_5.10-10.1_arm http://security.debian.org/dists/stable/updates/main/binary-arm/gs_5.10-10.1_arm.deb Debian upgrade 2.2 gs_5.10-10.1_i386 http://security.debian.org/dists/stable/updates/main/binary-i386/gs_5.10-10.1_i386.deb Debian upgrade 2.2 gs_5.10-10.1_m68k http://security.debian.org/dists/stable/updates/main/binary-m68k/gs_5.10-10.1_m68k.deb Debian upgrade 2.2 gs_5.10-10.1_powerpc http://security.debian.org/dists/stable/updates/main/binary-powerpc/gs_5.10-10.1_powerpc.deb Debian upgrade 2.2 gs_5.10-10.1_sparc http://security.debian.org/dists/stable/updates/main/binary-sparc/gs_5.10-10.1_sparc.deb Mandrake RPM 7.0 ghostscript-5.10-17.1mdk.i586 http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-5.10-17.1mdk.i586.rpm Aladdin Enterprises Ghostscript 4.3: Red Hat RPM 5.2 ghostscript-4.03-2.alpha ftp://updates.redhat.com/5.2/alpha/ghostscript-4.03-2.alpha.rpm Red Hat RPM 5.2 ghostscript-4.03-2.sparc ftp://updates.redhat.com/5.2/sparc/ghostscript-4.03-2.sparc.rpm Red Hat RPM 5.2 ghostscript-4.03-2.i386 ftp://updates.redhat.com/5.2/i386/ghostscript-4.03-2.i386.rpm Red Hat RPM 6.2 ghostscript-5.50-8_6.x.alpha ftp://updates.redhat.com/6.2/alpha/ghostscript-5.50-8_6.x.alpha.rpm Red Hat RPM 6.2 ghostscript-5.50-8_6.x.sparc ftp://updates.redhat.com/6.2/sparc/ghostscript-5.50-8_6.x.sparc.rpm Red Hat RPM 6.2 ghostscript-5.50-8_6.x.i386 ftp://updates.redhat.com/6.2/i386/ghostscript-5.50-8_6.x.i386.rpm Red Hat RPM 7.0 ghostscript-5.50-8.i386 ftp://updates.redhat.com/7.0/i386/ghostscript-5.50-8.i386.rpm 相关信息 |
