CVE-2019-14813

HIGH

Description

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

https://access.redhat.com/errata/RHBA-2019:2824

https://access.redhat.com/errata/RHSA-2019:2594

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813

https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

https://lists.fedoraproject.org/archives/list/[email protected]/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

https://seclists.org/bugtraq/2019/Sep/15

https://www.debian.org/security/2019/dsa-4518

Details

Source: MITRE

Published: 2019-09-06

Updated: 2019-11-18

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* versions from 9.00 to 9.28 (inclusive)

Configuration 2

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

ID	Name	Product	Family	Severity
137500	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2020-1658)	Nessus	Huawei Local Security Checks	high
135661	EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499)	Nessus	Huawei Local Security Checks	high
135135	EulerOS Virtualization for ARM 64 3.0.6.0 : ghostscript (EulerOS-SA-2020-1348)	Nessus	Huawei Local Security Checks	high
135114	GLSA-202004-03 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134529	EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240)	Nessus	Huawei Local Security Checks	high
133984	EulerOS 2.0 SP8 : ghostscript (EulerOS-SA-2020-1150)	Nessus	Huawei Local Security Checks	high
132453	NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0250)	Nessus	NewStart CGSL Local Security Checks	high
131844	FreeBSD : Ghostscript -- Security bypass vulnerabilities (22ae307a-1ac4-11ea-b267-001cc0382b2f)	Nessus	FreeBSD Local Security Checks	high
130860	EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2151)	Nessus	Huawei Local Security Checks	high
130704	EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2242)	Nessus	Huawei Local Security Checks	high
130273	Artifex Ghostscript < 9.50 Multiple Vulnerabilities	Nessus	Windows	high
129908	NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0203)	Nessus	NewStart CGSL Local Security Checks	high
129601	Fedora 31 : ghostscript (2019-0a9d525d71)	Nessus	Fedora Local Security Checks	high
129483	openSUSE Security Update : ghostscript (openSUSE-2019-2223)	Nessus	SuSE Local Security Checks	high
129482	openSUSE Security Update : ghostscript (openSUSE-2019-2222)	Nessus	SuSE Local Security Checks	high
129423	Fedora 29 : ghostscript (2019-ebd6c4f15a)	Nessus	Fedora Local Security Checks	high
129404	SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:2478-1)	Nessus	SuSE Local Security Checks	high
129381	SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:2460-1)	Nessus	SuSE Local Security Checks	high
129323	Fedora 30 : ghostscript (2019-953fc0f16d)	Nessus	Fedora Local Security Checks	high
129019	CentOS 7 : ghostscript (CESA-2019:2586)	Nessus	CentOS Local Security Checks	high
128619	Debian DLA-1915-1 : ghostscript security update	Nessus	Debian Local Security Checks	high
128598	Oracle Linux 8 : ghostscript (ELSA-2019-2591)	Nessus	Oracle Linux Local Security Checks	high
128560	Debian DSA-4518-1 : ghostscript - security update	Nessus	Debian Local Security Checks	high
128499	Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190903)	Nessus	Scientific Linux Local Security Checks	high
128450	RHEL 8 : ghostscript (RHSA-2019:2591)	Nessus	Red Hat Local Security Checks	high
128448	RHEL 7 : ghostscript (RHSA-2019:2586)	Nessus	Red Hat Local Security Checks	high
128445	Oracle Linux 7 : ghostscript (ELSA-2019-2586)	Nessus	Oracle Linux Local Security Checks	high
128322	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : ghostscript vulnerabilities (USN-4111-1)	Nessus	Ubuntu Local Security Checks	high