Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you the analysis of vulnerability early warning in the execution of ghostscript commands. The article is rich in content and analyzed and described from a professional point of view. I hope you can get something after reading this article.

0x00 vulnerability background

On August 21, Tavis Ormandy pointed out once again that ghostscript's security sandbox can be bypassed through a public mailing list (hxxps://bugs.chromium [.] org/p/project-zero/issues/detail?id=1640), which can cause command execution by constructing malicious image content.

Ghostscript is widely used, such as ImageMagick, python-matplotlib, libmagick and other image processing applications.

In ghostscript, due to previous security incidents, gs officially uses the added parameter-dSAFER to open the security sandbox, but the sandbox is controlled by the value of LockSafetyParams during program execution. This time Taviso found that this value will be successfully overwritten through restore operation, resulting in a security sandbox being bypassed and a command execution vulnerability.

Impact of 0x01 vulnerabilities

Version

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.