The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ghostscript | Aladdin_enterprises | 5.10.15 | 5.10.15 |
Ghostscript | Aladdin_enterprises | 6.53 | 6.53 |
Ghostscript | Aladdin_enterprises | 6.51 | 6.51 |
Ghostscript | Aladdin_enterprises | 5.50.8 | 5.50.8 |
Ghostscript | Aladdin_enterprises | 5.10.10 | 5.10.10 |
Ghostscript | Aladdin_enterprises | 5.50.8_7 | 5.50.8_7 |
Ghostscript | Aladdin_enterprises | 4.3 | 4.3 |
Ghostscript | Aladdin_enterprises | 5.50 | 5.50 |
Ghostscript | Aladdin_enterprises | 7.0.6 | 7.0.6 |
Ghostscript | Aladdin_enterprises | 5.10.10_1 | 5.10.10_1 |
Ghostscript | Aladdin_enterprises | 5.10.10 | 5.10.10 |
Ghostscript | Aladdin_enterprises | 5.10.12cl | 5.10.12cl |
Ghostscript | Aladdin_enterprises | 7.0.5 | 7.0.5 |
Ghostscript | Aladdin_enterprises | 5.10cl | 5.10cl |
Ghostscript | Aladdin_enterprises | 4.3.2 | 4.3.2 |
Ghostscript | Aladdin_enterprises | 7.0.7 | 7.0.7 |
Ghostscript | Aladdin_enterprises | 6.52 | 6.52 |
Ghostscript | Aladdin_enterprises | 5.10.10_1 | 5.10.10_1 |
Ghostscript | Aladdin_enterprises | 5.10.16 | 5.10.16 |
Ghostscript | Aladdin_enterprises | 7.0.4 | 7.0.4 |