CVE-2019-14813

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

References

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html

https://access.redhat.com/errata/RHBA-2019:2824

https://access.redhat.com/errata/RHSA-2019:2594

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813

https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/

https://lists.fedoraproject.org/archives/list/[email protected]/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/

https://seclists.org/bugtraq/2019/Sep/15

https://security.gentoo.org/glsa/202004-03

https://www.debian.org/security/2019/dsa-4518

Details

Source: MITRE

Published: 2019-09-06

Updated: 2020-10-16

Type: CWE-863

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* versions from 9.00 to 9.50 (inclusive)

Configuration 2

OR

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
146633Amazon Linux 2 : ghostscript (ALAS-2021-1598)NessusAmazon Linux Local Security Checks
critical
145613CentOS 8 : ghostscript (CESA-2019:2591)NessusCentOS Local Security Checks
critical
144223Virtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-doc / etc (VZLSA-2019-2586)NessusVirtuozzo Local Security Checks
critical
137500EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2020-1658)NessusHuawei Local Security Checks
critical
135661EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499)NessusHuawei Local Security Checks
critical
135135EulerOS Virtualization for ARM 64 3.0.6.0 : ghostscript (EulerOS-SA-2020-1348)NessusHuawei Local Security Checks
critical
135114GLSA-202004-03 : GPL Ghostscript: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
134529EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240)NessusHuawei Local Security Checks
critical
133984EulerOS 2.0 SP8 : ghostscript (EulerOS-SA-2020-1150)NessusHuawei Local Security Checks
critical
132453NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0250)NessusNewStart CGSL Local Security Checks
critical
131844FreeBSD : Ghostscript -- Security bypass vulnerabilities (22ae307a-1ac4-11ea-b267-001cc0382b2f)NessusFreeBSD Local Security Checks
critical
130860EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2151)NessusHuawei Local Security Checks
critical
130704EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2242)NessusHuawei Local Security Checks
critical
130273Artifex Ghostscript < 9.50 Multiple VulnerabilitiesNessusWindows
critical
129908NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0203)NessusNewStart CGSL Local Security Checks
critical
129601Fedora 31 : ghostscript (2019-0a9d525d71)NessusFedora Local Security Checks
critical
129483openSUSE Security Update : ghostscript (openSUSE-2019-2223)NessusSuSE Local Security Checks
critical
129482openSUSE Security Update : ghostscript (openSUSE-2019-2222)NessusSuSE Local Security Checks
critical
129423Fedora 29 : ghostscript (2019-ebd6c4f15a)NessusFedora Local Security Checks
critical
129404SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:2478-1)NessusSuSE Local Security Checks
critical
129381SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:2460-1)NessusSuSE Local Security Checks
critical
129323Fedora 30 : ghostscript (2019-953fc0f16d)NessusFedora Local Security Checks
critical
129019CentOS 7 : ghostscript (CESA-2019:2586)NessusCentOS Local Security Checks
critical
128619Debian DLA-1915-1 : ghostscript security updateNessusDebian Local Security Checks
critical
128598Oracle Linux 8 : ghostscript (ELSA-2019-2591)NessusOracle Linux Local Security Checks
critical
128560Debian DSA-4518-1 : ghostscript - security updateNessusDebian Local Security Checks
critical
128499Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190903)NessusScientific Linux Local Security Checks
critical
128450RHEL 8 : ghostscript (RHSA-2019:2591)NessusRed Hat Local Security Checks
critical
128448RHEL 7 : ghostscript (RHSA-2019:2586)NessusRed Hat Local Security Checks
critical
128445Oracle Linux 7 : ghostscript (ELSA-2019-2586)NessusOracle Linux Local Security Checks
critical
128322Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Ghostscript vulnerabilities (USN-4111-1)NessusUbuntu Local Security Checks
critical