FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ghostscript -- insecure temporary file creation vulnerability

Affected packages
ghostscript-gnu < 7.07_14
ghostscript-gnu-nox11 < 7.07_14
ghostscript-afpl < 8.53_1
ghostscript-afpl-nox11 < 8.53_1

Details

VuXML ID 27a70a01-5f6c-11da-8d54-000cf18bbe54
Discovery 2004-10-19
Entry 2005-11-27

Ghostscript is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

References

Bugtraq ID 11285
CVE Name CVE-2004-0967