Your one-stop web resource providing safety and security information to manufacturers

There is a vulnerability called Ghostscript that is affecting various vendors and an attacker could exploit it to take control of an affected system, according to a report from NCCIC.

As a result, NCCIC released a warning to encourage users and administrators to apply necessary workarounds, and refer to vendors for appropriate patches, when available.

Lessons Learned One Year After Triton
Black Hat: Breaking Down Safety System Attack
Black Hat: Get to Root Cause
Forget Hyperbole: Stay True to Security Message

The Ghostscript malware contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.

Ghostscript contains an optional –dSAFER option, which should prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick.

Cyber Security

By causing Ghostscript or a program that leverages Ghostscript to parse a specially-crafted file, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the Ghostscript code.

CERT Coordination Center (CERT/CC) is unaware of a practical solution to this problem. Along those lines, users should consider the following workarounds: Disable PS, EPS, PDF, and XPS coders in ImageMagick policy.xml.

Pin It on Pinterest

Share This