GhostScript Flaw Is Allowing Remote Access To Systems For Hackers

GhostScript is an interpreter used by Adobe PostScript and PDF page description languages which are used by a lot of vendors and enterprises throughout the world. A flaw in GhostScript is allowing the hackers to take control of the user’s systems remotely and there is no patch available for this issue if the exploit was used.

What Is GhostScript?

The GhostScript interpreter is used by a lot of vendors to generate software suites and code libraries which enables the development of desktop and server-based software. Some of the common tools are PostScripts and PDFs which are used daily by enterprises.  Some of the vendors that are affected by this vulnerability include Red Hat, Ubuntu, Artifex Software and ImageMagick. This list may become larger as more vendors are opting for the GhostScript Services.

The flaws were unveiled by a security researcher in Google named Tavis Ormandy in the Project Zero Security Team. It was also found that this flaw doesn’t have a CVE ID yet to prevent it from being exploited.

What Is The Flaw?

The exploit is due to the GhostScript’s optional -dSAFER option which was designed to protect the developers from unsafe operations of the PostScript but in the following cases, it is being inadvertently enabled unsafe activity application which is using GhostScript as one of the implementations of their source code.

If the user is running GhostScript to parse any file or directory it might be possible for a remote attacker to run arbitrary commands which allow the attacker to get privileges to execute library commands which in turn allows a lot of malicious activity. The affected systems also include US-CERT. There were many vulnerabilities discovered by GhostScript and no patches have been issued but most of the several vulnerable functions were turned off.

It was strongly suggested that these systems use PS, EPS, PDF and XPS coders in the policy.xml file by default. There was also a fragile security issue in the -dSAFER argument. The CERT vulnerability database is suggesting to disable some of the processes in order to protect the systems against this vulnerability.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil