CVE-2019-14813 – ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
https://notcve.org/view.php?id=CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detectó un fallo en ghostscript, versiones 9.x versiones anteriores a la 9.50, en el procedimiento setsystemparams donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo a los scripts omitir las restricciones "-dSAFER". Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y entonces tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2594 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html https://lists.fedoraproject.o • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVE-2019-14812 – ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
https://notcve.org/view.php?id=CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se encontró un fallo en todas las versiones de ghostscript 9.x anteriores a la versión 9.50, en el procedimiento .setuserparams2 donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones "-dSAFER". Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 https://access.redhat.com/security/cve/cve-2019-14812 https://bugs.ghostscript.com/show_bug.cgi?id=701444 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14812 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V https://security.gentoo.org/glsa/202004-03 https://access.redhat.com/security/cve/CVE-2019-14812 https://bugzilla.redh • CWE-648: Incorrect Use of Privileged APIs CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-14817 – ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)
https://notcve.org/view.php?id=CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detecto un error en ghostscript en versiones anteriores a la 9.50, en el .pdfexectoken y en otros procedimientos en los que no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=cd1b1cacadac2479e291efe611979bdc1b3bdb19 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2594 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817 https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html https://lists.fedoraproject.o • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVE-2019-14811 – ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
https://notcve.org/view.php?id=CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detecto un defecto en, ghostscript en versiones anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no aseguró adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2594 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811 https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3 https:/ • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVE-2019-10216 – ghostscript: -dSAFER escape via .buildfont1 (701394)
https://notcve.org/view.php?id=CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. En ghostscript anterior a la versión 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. Un atacante podría abusar de esta fallo al crear un archivo PostScript especialmente diseñado que podría escalar privilegios y acceder a archivos fuera de las áreas restringidas. It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 https://security.gentoo.org/glsa/202004-03 https://access.redhat.com/security/cve/CVE-2019-10216 https://bugzilla.redhat.com/show_bug.cgi?id=1737080 • CWE-648: Incorrect Use of Privileged APIs •