Interpreter for Abode PostScript and PDF page description languages is used by large numbers of vendors - and in enterprises around the world.
This article originally appeared on ZDNet.
A vulnerability in Ghostscript, a widely used interpreter for Abode PostScript and PDF page description languages could allow attackers to remotely take control of vulnerable systems - and there's currently no patch available to protect against the exploit being used.
Ghostscript interpreter is used by large number of vendors which produce software suites and coding libraries for enabling desktop software and web servers to use products using Postscript or PDFs - common tools used in the day to day activity of enterprises.
Vendors known to be affected by the vulnerability include Red Hat, Ubuntu, Artifex Software and ImageMagick - and that list could get larger as more vendors work towards learning if their products are affected.
SEE: System update policy (Tech Pro Research)
Uncovered by Tavis Ormandy, a vulnerability researcher at Google's Project Zero security team, the vulnerability is so freshly discovered that it doesn't have a CVE number yet - or a patch to to prevent it being exploited.
The exploit is based around Ghostscript's optional -dSAFER option, a function designed to prevent unsafe operations of PostScript, but in this case can inadvertently enable unsafe activity in applications which use Ghostscript.
By causing GhostScript - or a program using it - to parse a specifically created file in any directory, it's possible for a remote attacker to gain privileges for executing arbitrary commands which can allow for various forms of malicious activity. That includes taking total control of an effected system, US-CERT has warned.
It isn't the first time vulnerabilities in Ghostscript have been discovered - Ormandy previously uncovered exploits in 2016.
As no patch has been issued for the new Ghostscript vulnerability, he recommends that several vulnerable functions are turned-off.
"I really *strongly* suggest that distributions start disabling PS, EPS, PDF and XPS coders in policy.xml by default. I think this is the number one "unexpected ghostscript" vector, imho this should happen asap. IMHO, -dSAFER is a fragile security boundary at the moment, and executing untrusted postscript should be discouraged, at least by default," he wrote in the blog post detailing the new discovery.
The CERT vulnerability notes database also suggests disabling some processes in order to protect systems against attack in the absense of a "practical solution" in the form of patches by affected vendors.
- A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
- Adobe addresses critical vulnerabilities in Acrobat, Reader (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- IT: Patch these critical new vulnerabilities in Windows, Adobe, and OS kernels (TechRepublic)
- Apache OpenWhisk critical information leak vulnerability exposed (ZDNet)
- Adobe Acrobat vulnerability can compromise you with just a click (CNET)
- Cisco patches critical Nexus flaws: Are your switches vulnerable? (ZDNet)