[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Multiple memory corruption vulnerabilities in Ghostscript
- To: Peter Besenbruch <prb@xxxxxxxx>
- Subject: Re: [Full-disclosure] Multiple memory corruption vulnerabilities in Ghostscript
- From: Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 11 May 2010 22:44:20 -0500
On 5/11/2010 8:30 PM, Peter Besenbruch wrote:
> On Tue, 11 May 2010 20:27:35 -0400
> Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx> wrote:
>
>> ==Solution==
>>
>> In the absence of a patch, users are encouraged to discontinue use of
>> Ghostscript or avoid processing untrusted PostScript files.
How are you supposed to trust a document before you read it?!
Judge it by it's cover perhaps?
> Ghostscript is an important part of most Linux systems out there. If
> you remove Ghostscript, you remove the ability to print in most cases.
>
> The advice to avoid opening unknown PS files is good.
Unless you're a printer.
> I wonder whether
> a similar flaw exists in Ghostscript's handling of PDF files.
Last I checked (a long long time ago), PDF wasn't a Turing-complete
programming language like Postscript, so it wouldn't allow recursion
needed for this flaw. Maybe that's why they couldn't resist adding
Javascript to it.
> If such
> an attack is possible with a PDF, the flaw is potentially much more
> serious.
Well, I need to read 'em both.
- Marsh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/