Ubuntu CVE | ubuntu.com | UB:CVE-2010-2055
History: Jul 22, 2010 - 12:00 a.m.

CVE-2010-2055


EPSS: 0.0004 (Low)
Percentile: 9.7%

Ghostscript 8.71 and earlier reads initialization files from the current
working directory, which allows local users to execute arbitrary PostScript
commands via a Trojan horse file, related to improper support for the -P-
option to the gs program, as demonstrated using gs_init.ps, a different
vulnerability than CVE-2010-4820.
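
Because the affected versions pick up initialization files from the directory gs is started in, a pre-flight check of that directory is one practical safeguard. The following is an added example, not code from Ubuntu or the Ghostscript project: only gs_init.ps is named in the advisory, the `gs_*.ps` glob and the `Fontmap` name are assumptions based on Ghostscript's usual init-file naming, and `gs_shadow_files` and `checked_gs` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag files in a directory that could shadow Ghostscript
# initialization files when gs is started from that directory.
# Only gs_init.ps is named in the advisory; the gs_*.ps glob and "Fontmap"
# are assumptions based on Ghostscript's usual init-file naming.

# Print each suspicious file in DIR (default: current directory).
# Returns 0 if the directory is clean, 1 if anything was found.
gs_shadow_files() {
    dir=${1:-.}
    found=0
    for f in "$dir"/gs_*.ps "$dir"/Fontmap; do
        # An unmatched glob stays literal, so test for existence
        # (-L also catches dangling symlinks planted under these names).
        if [ -e "$f" ] || [ -L "$f" ]; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Hypothetical wrapper: refuse to start gs from a directory holding such files.
checked_gs() {
    if ! gs_shadow_files . >&2; then
        echo "refusing to run gs: possible Trojan init file(s) listed above" >&2
        return 1
    fi
    gs "$@"
}
```

Source the file and call `checked_gs` in place of `gs` in shared or untrusted directories such as /tmp or an unpacked archive.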

Notes

Author: mdeslaur
Note: There are three different issues here:
1- -P is the default, and not -P-
2- -P- doesn’t actually work
3- ghostscript’s scripts don’t use -P-
Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweigh the advantages. Marking as ignored for affected releases.