Rapid7 Vulnerability & Exploit Database

RHSA-2000:114: ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH


Severity: 4
CVSS: (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Published: 01/09/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

ghostscript makes use of mktemp instead of mkstemp to create temp files, and also uses improper LD_RUN_PATH values, causing it to search for libraries in the current directory.

2000-11-27: Added packages for Red Hat Linux 7 for Alpha

ghostscript makes use of mktemp to create temp files, which is an insecure and predictable approach. It is now patched to use mkstemp, which avoids the race condition on the name. It also uses improper LD_RUN_PATH values, causing ghostscript to search for libraries to load in the current directory.
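The difference between the two patterns, as an added example that is not taken from the ghostscript source or the Red Hat patch: when a name is chosen first and opened in a second step, a file that already exists at that name is silently reused, while an exclusive create or mkstemp never hands back an existing file. The function names, the scratch directory and the pre-created "foreign" file are constructed for the demonstration, and a fixed name stands in for mktemp's predictable output.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct outcome { int old_reused, excl_refused, mkstemp_fresh; };

/* Old pattern: name chosen first (as mktemp() does), opened in a second step. */
static int open_after_naming(const char *path) {
    return open(path, O_RDWR | O_CREAT, 0600);
}

/* Constructed scenario in a private scratch dir; 0 on success, -1 on setup failure. */
int compare_tempfile_patterns(struct outcome *o) {
    char dir[] = "/tmp/gs-demo-XXXXXX", guess[64], fresh[64], buf[16] = {0};
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(guess, sizeof guess, "%s/gs_000001", dir);  /* predictable name */
    snprintf(fresh, sizeof fresh, "%s/gs_XXXXXX", dir);  /* mkstemp template */
    /* Stand-in for another process that creates the name first. */
    int other = open(guess, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (other < 0 || write(other, "foreign", 7) != 7) return -1;
    close(other);
    /* 1. Old pattern succeeds, but the descriptor is the foreign file. */
    int fd = open_after_naming(guess);
    o->old_reused = fd >= 0 && read(fd, buf, sizeof buf - 1) == 7
                    && strcmp(buf, "foreign") == 0;
    if (fd >= 0) close(fd);
    /* 2. Exclusive create on the same name is refused with EEXIST. */
    int excl = open(guess, O_RDWR | O_CREAT | O_EXCL, 0600);
    o->excl_refused = excl < 0 && errno == EEXIST;
    if (excl >= 0) close(excl);
    /* 3. mkstemp() names and exclusively creates in one step: new, empty file. */
    int safe = mkstemp(fresh);
    o->mkstemp_fresh = safe >= 0 && strcmp(fresh, guess) != 0
                       && lseek(safe, 0, SEEK_END) == 0;
    if (safe >= 0) close(safe);
    unlink(fresh); unlink(guess); rmdir(dir);
    return 0;
}

int main(void) {
    struct outcome o;
    if (compare_tempfile_patterns(&o) != 0) return 1;
    printf("old pattern reused existing file: %d, O_EXCL refused: %d, mkstemp fresh: %d\n",
           o.old_reused, o.excl_refused, o.mkstemp_fresh);
    return 0;
}
```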

Solution(s)

  • redhat-upgrade-ghostscript
