Lucene search

[email protected]CVE-2001-1353

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-1353

2001-09-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1353

ghostscript

vulnerability

file access

local users

arbitrary files

-dsafer

7.1 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

ghostscript before 6.51 allows local users to read and write arbitrary files as the ‘lp’ user via the file operator, even with -dSAFER enabled.

CPENameOperatorVersion
aladdin_enterprises:ghostscriptaladdin enterprises ghostscriptle6.51

CPE	Name	Operator	Version
aladdin_enterprises:ghostscript	aladdin enterprises ghostscript	le	6.51

References

archives.neohapsis.com/archives/hp/2001-q4/0069.html

marc.info/?l=lprng&m=100083210910857&w=2

rhn.redhat.com/errata/RHSA-2001-112.html

www.redhat.com/support/errata/RHSA-2001-138.html

7.1 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON