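Ghostscript zseticcspace() Function Stack Overflow Vulnerability
Release date: 2008-02-27
Updated: 2008-02-28
Affected systems:
Ghostscript Ghostscript 8.15
Ghostscript Ghostscript 8.0.1
Description:
BUGTRAQ ID: 28017
CVE(CAN) ID: CVE-2008-0411
Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers.
The zseticcspace() function in Ghostscript has a stack overflow vulnerability when processing color spaces. An attacker can create a malicious PostScript file that, if opened, causes Ghostscript to execute arbitrary instructions.
<*Source: Chris Evans (chris@ferret.lmh.ox.ac.uk)
Links: http://secunia.com/advisories/29103/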
http://scary.beasts.org/security/CESA-2008-001.html
http://marc.info/?l=bugtraq&m=120430241305160&w=2
https://www.redhat.com/support/errata/RHSA-2008-0155.html
http://www.debian.org/security/2008/dsa-1510
http://security.gentoo.org/glsa/glsa-200803-14.xml
*>
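Test method:
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!
Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1510-1) and corresponding patches for this issue:
DSA-1510-1: New ghostscript packages fix arbitrary code execution
Link: http://www.debian.org/security/2008/dsa-1510
Patch downloads: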
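Patch installation:
1. Install the patch packages manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade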
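For the manual route in step 1, the size and MD5 that the Debian advisory publishes for each file, in the form "Size/MD5 checksum: <bytes> <md5>", can be checked before dpkg -i is run. The following is an added example, not part of the original advisory; the function name verify_pkg is hypothetical and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded package against
# an advisory line of the form "Size/MD5 checksum: <bytes> <md5>".
#
# verify_pkg FILE "ADVISORY LINE"   (verify_pkg is a hypothetical name)
# Returns 0 when size and MD5 both match, 1 on a mismatch, 2 on bad input.
verify_pkg() {
    file=$1
    line=$2

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # Extract the byte count and the 32-hex-digit MD5 from the advisory line.
    set -- $(printf '%s\n' "$line" |
        sed -n 's/^ *Size\/MD5 checksum: *\([0-9][0-9]*\)  *\([0-9a-fA-F]\{32\}\) *$/\1 \2/p')
    [ $# -eq 2 ] || { echo "unparseable checksum line" >&2; return 2; }
    want_size=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Size first: cheap, and it catches truncated downloads.
    have_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: got $have_size, want $want_size" >&2
        return 1
    fi

    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch: got $have_md5, want $want_md5" >&2
        return 1
    fi
    return 0
}

# Usage with placeholders, installing only after a successful check:
#   verify_pkg file.deb 'Size/MD5 checksum: <bytes> <md5>' && dpkg -i file.deb
```

The MD5 comparison catches corrupted or truncated downloads; MD5 is not collision-resistant and does not authenticate where the file came from.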
RedHat
------
RedHat has released a security advisory (RHSA-2008:0155-01) and corresponding patches for this issue:
RHSA-2008:0155-01: Important: ghostscript security update
Link: https://www.redhat.com/support/errata/RHSA-2008-0155.html
Gentoo
------
Gentoo has released a security advisory (GLSA-200803-14) and corresponding patches for this issue:
GLSA-200803-14: Ghostscript: Buffer overflow
Link: http://security.gentoo.org/glsa/glsa-200803-14.xml
All Ghostscript ESP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ghostscript-esp-8.15.4-r1"
All Ghostscript GPL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.61-r3"
All Ghostscript GNU users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.60.0-r2"
