CVE-2024-29510 – Exploiting Ghostscript using format strings
A format string vulnerability in Ghostscript up to version 10.03.0 allows code execution by bypassing the -dSAFER sandbox. Security experts urge updating to prevent potential remote code execution risks.
A format string vulnerability, CVE-2024-29510, affecting Ghostscript versions up to 10.03.0, allows bypassing the -dSAFER sandbox to achieve code execution. It affects web applications and services that use Ghostscript for document conversion and preview functionality. Codean Labs discovered the issue as part of a series on Ghostscript vulnerabilities. Ghostscript, a PostScript interpreter and document conversion tool, is commonly used in automated systems that handle user-supplied files, often indirectly through tools like ImageMagick and LibreOffice. The -dSAFER sandbox restricts I/O operations to prevent dangerous activities like command execution, but its limitations can be circumvented, enabling file manipulation and potential remote code execution. Ghostscript supports many output devices and document types and is highly configurable via command-line parameters; that versatility, combined with the format string vulnerability, poses a significant security risk, especially when handling untrusted files. Security researchers emphasize updating Ghostscript to the latest version to mitigate these vulnerabilities.
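Two defender-side checks that follow from the summary above, as an added example that is not from the article or Codean Labs: whether the installed gs predates the fix, and whether an ImageMagick policy.xml keeps the PostScript and PDF coders (the usual indirect route into Ghostscript) disabled. The fixed version 10.03.1 is an assumption here; the page only states that versions up to 10.03.0 are affected, and the policy file contents are constructed.

```shell
# Added example, not from the article: defender checks for CVE-2024-29510 exposure.
# Assumption: the fix shipped in Ghostscript 10.03.1 (page says <= 10.03.0 affected).
FIXED_GS_VERSION="10.03.1"
# version_lt A B: succeed when dotted version A sorts strictly before B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}
# gs_vulnerable VERSION: succeed when a `gs --version` string is below the fix.
gs_vulnerable() { version_lt "$1" "$FIXED_GS_VERSION"; }

# policy_denies_coder FILE CODER: succeed when an ImageMagick policy.xml has an
# active (not commented-out) coder rule with rights="none" covering CODER, alone
# (pattern="PS") or inside a brace list (pattern="{PS,EPS,PDF}").
policy_denies_coder() {
    grep -v '<!--' "$1" | grep -i 'domain="coder"' | grep -i 'rights="none"' \
        | grep -Eiq "pattern=\"($2|\{([^}]*,)?$2(,[^}]*)?\})\""
}

# sample_policy: write a constructed policy.xml to a temp file, print its path.
sample_policy() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
<policymap>
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
</policymap>
EOF
    echo "$f"
}

# check_host: report on the gs actually installed on this machine, if any.
check_host() {
    command -v gs >/dev/null 2>&1 || { echo "gs not on PATH"; return 2; }
    v=$(gs --version 2>/dev/null)
    if gs_vulnerable "$v"; then
        echo "Ghostscript $v: affected by CVE-2024-29510, update to $FIXED_GS_VERSION+"; return 1
    fi
    echo "Ghostscript $v: at or above $FIXED_GS_VERSION"
}
```

Run `check_host` on a conversion host, and `policy_denies_coder /etc/ImageMagick-6/policy.xml PS` (path varies by distro) where ImageMagick fronts Ghostscript.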
Related
SVG: The Good, the Bad, and the Ugly (2021)
SVG, scalable vector graphics, is a versatile format for web design, supporting various graphic elements like paths, shapes, text, and animations. Despite its power, its complexity and extensive specifications can be challenging for users.
Show HN: Pdfscale
The GitHub repository hosts "pdfScale," a Bash script using ghostscript for PDF scaling and resizing via the command line. It supports various modes, paper sizes, and installation methods. Find more details on the repository.
RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
A vulnerability in OpenSSH's server on glibc-based Linux systems (CVE-2024-6387) allows remote code execution. Exploiting this flaw requires precise timing. The advisory discusses exploitation details, success rates, and contacting developers for related issues.
OpenSSH Race condition resulting in potential remote code execution
OpenSSH 9.8, released on July 1, 2024, addresses critical security issues like ObscureKeystrokeTiming vulnerabilities in sshd(8) and ssh(1), plans to deprecate DSA support, and introduces penalties for failed authentications. Various improvements included.
Remote Unauthenticated Code Execution in OpenSSH Server
Qualys found regreSSHion, a critical RCE flaw in OpenSSH on glibc-based Linux systems. Over 14 million servers are at risk, with potential root access. Qualys created an exploit but delays release for patching.
I believe that by default on OS X %n is only respected if the format string is in read-only memory; I thought the default on Linux was to just ignore it?