Red Hat update for ghostscript
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2018-15911 CVE-2018-16541 CVE-2018-16802 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19134 CVE-2018-19409 |
| CWE-ID | CWE-20 CWE-121 CWE-94 CWE-264 CWE-843 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux for Power Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system Red Hat Enterprise Linux for Scientific Computing Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM Operating systems & Components / Operating system Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Workstation Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU14562
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-15911
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, cause uninitialized memory access in the aesdecode operator and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux for ARM: 6.4
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU15785
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16541
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can supply crafted PostScript files, use incorrect free logic in pagedevice replacement and crash the interpreter.
Install update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU16576
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16802
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect "restoration of privilege" checking when running out of stack during exception handling. A remote unauthenticated attacker can supply specially crafted PostScript, trigger memory corruption and execute code using the "pipe" instruction.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: the vulnerability exists due to an incomplete fix for CVE-2018-16509.
Install update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Code Injection
EUVDB-ID: #VU15375
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17183
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the application allowed a user-writable error exception table. A remote attacker can use a specially crafted PostScript file to overwrite error handlers and inject arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Code Injection
EUVDB-ID: #VU15376
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-17961
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation that allows sandbox bypass via error handler setup vectors. A remote attacker can pass a specially crafted PostScript file to the affected application, inject and execute arbitrary code on the target system.
Note: this vulnerability exists due to insufficient patch for previously fixed Code injection vulnerability (CVE-2018-17183).
MitigationInstall update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Security restrictions bypass
EUVDB-ID: #VU15748
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18073
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to exposure of system operators in the saved execution stack in an error object. A remote attacker can bypass a sandbox protection mechanism to conduct further attacks.
Install update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Code injection
EUVDB-ID: #VU15463
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-18284
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass the sandbox protection mechanism on the target system.
The vulnerability exists due to the failure of the sandbox protection mechanism of the affected software when the 1Policy operator is used. A remote unauthenticated attacker can trick the victim into accessing a PostScript file that submits malicious input, bypass the sandbox protection mechanism and modify or replace error handlers used by the software, which the attacker could use to inject and execute arbitrary code on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Type confusion
EUVDB-ID: #VU16577
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-19134
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to missing type check in line 292 of zcolor.c. A remote unauthenticated attacker can trigger memory corruption and execute code using the "pipe" instruction.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Security restrictions bypass
EUVDB-ID: #VU16020
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19409
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper checks of the LockSafetyParams device parameter if another device is used as the top device. A local attacker can make a .setdevice call and bypass security restrictions If another device, such as the pdf14 compositor, is the top device on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRed Hat Enterprise Linux for IBM z Systems: 7 - 7.6
Red Hat Enterprise Linux for Power: 7.6 - 9
Red Hat Enterprise Linux Server: 7 - 7.6
Red Hat Enterprise Linux for Scientific Computing: 7
Red Hat Enterprise Linux Desktop: 7
Red Hat Enterprise Linux Workstation: 7
External linkshttp://access.redhat.com/errata/RHSA-2018:3834
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
