Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0411

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-0411
Last Modified 07 Mar 2011 10:04:40
Published 28 Feb 2008 04:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0411

Summary

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Vulnerable Systems

Application

  • Ghostscript 0

  • Ghostscript 8.0.1

  • Ghostscript 8.15

  • Ghostscript 8.61


References

DEBIAN - DSA-1510

FEDORA - FEDORA-2008-1998

CONFIRM - https://issues.rpath.com/browse/RPL-2217

VUPEN - ADV-2008-0693

UBUNTU - USN-599-1

SECTRACK - 1019511

BID - 28017

BUGTRAQ - 20080228 Ghostscript buffer overflow

BUGTRAQ - 20080228 rPSA-2008-0082-1 espgs

REDHAT - RHSA-2008:0155

MANDRIVA - MDVSA-2008:055

GENTOO - GLSA-200803-14

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0082

SLACKWARE - SSA:2008-062-01

SECUNIA - 29768

SECUNIA - 29314

SECUNIA - 29196

SECUNIA - 29169

SECUNIA - 29154

SECUNIA - 29147

SECUNIA - 29135

SECUNIA - 29112

SECUNIA - 29103

SECUNIA - 29101

MISC - http://scary.beasts.org/security/CESA-2008-001.html

SUSE - SUSE-SA:2008:010

Related Patches

Novell SUSE 2008:4984 ghostscript-fonts-other security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:48