Security restrictions bypass in ghostscript (Alpine package)

1) Security restrictions bypass

EUVDB-ID: #VU16020

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19409

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper checks of the LockSafetyParams device parameter if another device is used as the top device. A local attacker can make a .setdevice call and bypass security restrictions If another device, such as the pdf14 compositor, is the top device on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ghostscript (Alpine package): 9.04-r0 - 9.25-r1

ghostscript (Alpine package):

External links

http://git.alpinelinux.org/aports/commit/?id=9096cb46474180811d360209f21d51206ce31580
http://git.alpinelinux.org/aports/commit/?id=b0243d03648d68851d3b5edb68da29eaae5c9f0f
http://git.alpinelinux.org/aports/commit/?id=b38a11ee1f5109ffc2f67afa52903b9437dd4111
http://git.alpinelinux.org/aports/commit/?id=1effb87543c10d5de5e0a181c6757a0d5cf9e599
http://git.alpinelinux.org/aports/commit/?id=6d86206da24de4fa211d069ae110b32ffd41e1ac
http://git.alpinelinux.org/aports/commit/?id=90f284afbeec1f422dc08dc966719005e5def79a
http://git.alpinelinux.org/aports/commit/?id=d58edba21f19cbfda556148ab655755ccde6e857
http://git.alpinelinux.org/aports/commit/?id=e558a52ec2ce576ebfe50d2acaee3449d1ef6c26

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.