Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
A stack based buffer overflow was fixed in the ghostscript interpreter, which can be used to execute code or at least crash ghostscript.
CVE-2008-0411
This can be exploited for instance by site local users printing to a print server which uses ghostscript to raster data, making this a remote problem.
Unfortunately this error is not caught by the stack overflow protection technologies we use.
Affected
ghostscript on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-0411 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities