16th Apr 2003 [SBWID-6153]
COMMAND
ps2epsi insecure temporary file creation
SYSTEMS AFFECTED
version 0.3.3.0
PROBLEM
Paul Szabo discovered insecure creation of a temporary file in ps2epsi,
a script that is most of the time distributed as part of gs-common
which contains common files for different Ghostscript releases. ps2epsi
uses a temporary file in the process of invoking ghostscript. This file
was created in an insecure fashion, which could allow a local attacker
to overwrite files owned by a user who invokes ps2epsi.
SOLUTION
Upgrade.
under debian, upgrade gs-common package.
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.
