MidnightBSD

Advisories for aladdin_enterprises

CVE-1999-0155 HIGH

The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
aladdin_enterprises ghostscript 2.6
aladdin_enterprises ghostscript 3.22
CVE-2000-1162 LOW

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
aladdin_enterprises ghostscript 5.50
aladdin_enterprises ghostscript 5.10.15
aladdin_enterprises ghostscript 5.10.10
aladdin_enterprises ghostscript 4.3
CVE-2000-1163 MEDIUM

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
aladdin_enterprises ghostscript 5.50
aladdin_enterprises ghostscript 5.10.15
aladdin_enterprises ghostscript 5.10.10
aladdin_enterprises ghostscript 5.10cl
aladdin_enterprises ghostscript 4.3
CVE-2001-1353 LOW

ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
aladdin_enterprises ghostscript *
CVE-2002-0363 HIGH

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
aladdin_enterprises ghostscript *
CVE-2004-0967 HIGH

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
aladdin_enterprises ghostscript 7.0.5
aladdin_enterprises ghostscript 5.50.8
aladdin_enterprises ghostscript 5.50.8_7
aladdin_enterprises ghostscript 5.10.10_1
aladdin_enterprises ghostscript 5.10.10
aladdin_enterprises ghostscript 5.10cl
aladdin_enterprises ghostscript 6.53
aladdin_enterprises ghostscript 5.10.12cl
aladdin_enterprises ghostscript 7.0.7
aladdin_enterprises ghostscript 5.10.16
aladdin_enterprises ghostscript 5.50
aladdin_enterprises ghostscript 6.52
aladdin_enterprises ghostscript 7.0.4
aladdin_enterprises ghostscript 5.10.15
aladdin_enterprises ghostscript 6.51
aladdin_enterprises ghostscript 4.3
aladdin_enterprises ghostscript 4.3.2
aladdin_enterprises ghostscript 7.0.6