EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1100)

🗓️ 09 Jun 2017 00:00:00Reported by TenableType

EulerOS 2.0 SP1 vulnerability in ghostscript packag

Reporter	Title	Published	Views	Family All 118
0day.today	Ghostscript 9.21 Type Confusion Arbitrary Command Execution Exploit	2 May 201700:00	–	zdt
GithubExploit	Exploit for CVE-2018-16509	15 Oct 201807:44	–	githubexploit
IBM Security Bulletins	Security Bulletin: A vulnerability in ghostscript affects PowerKVM	18 Jun 201801:36	–	ibm
ATTACKERKB	CVE-2017-8291	27 Apr 201700:00	–	attackerkb
Amazon	Important: ghostscript	6 Jun 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : ghostscript (ALAS-2017-837)	7 Jun 201700:00	–	nessus
Tenable Nessus	CentOS 6 / 7 : ghostscript (CESA-2017:1230)	16 May 201700:00	–	nessus
Tenable Nessus	Debian DLA-932-1 : ghostscript security update	8 May 201700:00	–	nessus
Tenable Nessus	Debian DSA-3838-1 : ghostscript - security update	1 May 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1101)	9 Jun 201700:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(100693);
  script_version("3.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/16");

  script_cve_id("CVE-2017-8291");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/14");

  script_name(english:"EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1100)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the ghostscript packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :

  - It was found that ghostscript did not properly validate
    the parameters passed to the .rsdparams and .eqproc
    functions. During its execution, a specially crafted
    PostScript document could execute code in the context
    of the ghostscript process, bypassing the -dSAFER
    protection. (CVE-2017-8291)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1100
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0225838b");
  script_set_attribute(attribute:"solution", value:
"Update the affected ghostscript package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8291");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Ghostscript Type Confusion Arbitrary Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript-cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["ghostscript-9.07-20.1.h2",
        "ghostscript-cups-9.07-20.1.h2"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript");
}

16 Dec 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 26.8

CVSS 3.17.8

EPSS0.92931

SSVC