Vulnerability CVE-2018-16863
Published: 2018-12-03

Description:
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux workstation 
Artifex -> Ghostscript 

 References:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486
https://access.redhat.com/errata/RHSA-2018:3761
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863
Copyright 2024, cxsecurity.com

 

Back to Top