Security

  • SCOSA-2006.23 UnixWare 7.1.4 : GhostScript Insecure Temporary File Creation Vulnerability


    --
    Dr. Ronald Joe Record
    SCO Security
    rr (AT) sco (DOT) com
    PGP SIGNED MESSAGE
    Hash: SHA1
    SCO Security Advisory
    Subject: UnixWare 7.1.4 : GhostScript Insecure Temporary File Creation Vulnerability
    Advisory number: SCOSA-2006.23
    Issue date: 2006 May 09
    Cross reference: fz533156
    CVE-2004-0967
    1. Problem Description
    Ghostscript is affected by an insecure temporary file creation
    vulnerability. This issue is likely due to a design error
    that causes the application to fail to verify the existence
    of a file before writing to it.
    An attacker may leverage this issue to overwrite arbitrary
    files with the privileges of an unsuspecting user that
    activates the vulnerable application. Reportedly this issue
    is unlikely to facilitate privilege escalation.
    The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2004-0967 to
    this issue.
    2. Vulnerable Supported Versions
    System            Binaries
    UnixWare 7.1.4    Ghostscript package
    3. Solution
    The proper solution is to install the latest packages.
    4. UnixWare 7.1.4
    4.1 Location of Fixed Binaries
    4.2 Verification
    MD5 (p533156.714.image) =
    md5 is available for download from
    4.3 Installing Fixed Binaries
    The following packages should be installed on your system before
    you install this fix:
    UnixWare 7.1.4 Maintenance Pack 3
    ptf9052
    Upgrade the affected binaries with the following sequence:
    Download p533156.714.image to the /var/spool/pkg directory
    # pkgadd -d /
    5. References
    Specific references for this advisory:
    http://www.cs.wisc.edu/~ghost/
    SCO security resources:
    SCO security advisories via email
    This security fix closes SCO incidents fz533156.
    6. Disclaimer
    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Advisories are a service to our customers intended
    to promote secure installation and use of SCO products.
    7. Acknowledgments
    Trustix security engineers are credited with the discovery of
    this vulnerability.
    PGP SIGNATURE
    Version: GnuPG v1.4.2 (SCSV)
    Wvfq82zzyeLc5iS/x1iew8=
    =DmgU
    PGP SIGNATURE
    Full-Disclosure - We believe in it.
    Charter:
    Hosted and sponsored by Secunia - http://secunia.com/
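
The problem class described in section 1 of the advisory, as an added example (not Ghostscript or SCO code): a writer that opens a predictable temporary name without checking whether it already exists, next to one that creates the file exclusively. The scratch directory, the file names `victim` and `gs_tmp`, and all function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* exposes mkdtemp() and symlink() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int write_with(int flags, const char *path, const char *data) {
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Vulnerable pattern: no existence check, so a symlink already sitting at
 * the predictable name is followed and its target truncated and overwritten. */
static int write_unsafe(const char *path, const char *data) {
    return write_with(O_WRONLY | O_CREAT | O_TRUNC, path, data);
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if anything, including
 * a symlink, already occupies the name. */
static int write_exclusive(const char *path, const char *data) {
    return write_with(O_WRONLY | O_CREAT | O_EXCL, path, data);
}

/* Constructed scenario inside a private mkdtemp() directory: "victim" is a
 * user's file, "gs_tmp" a predictable temp name already symlinked to it.
 * Returns the victim's size after the chosen writer ran, or -1 on error. */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/tmpdemoXXXXXX", victim[64], link_path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/gs_tmp", dir);
    if (write_exclusive(victim, "important data\n") || symlink(victim, link_path))
        return -1;
    if (hardened) write_exclusive(link_path, "x"); else write_unsafe(link_path, "x");
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(link_path); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld, hardened: %ld\n", victim_size_after(0), victim_size_after(1));
    return 0;
}
```

With the unsafe writer the victim file is truncated and overwritten through the symlink; with the exclusive writer the open fails and the victim is left intact. mkstemp(3) provides the same exclusive creation together with an unpredictable name.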
