BSSA-2023-01

Revision as of 13:43, 25 July 2023 by Mglaser (talk | contribs) (Ghostscript BSSA)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Date 2023-07-25
Severity Medium
Affected
  • BlueSpice Infrastructure: Ghostscript
Fixed in
  • Ghostscript 9.53.0 and 10.01.2
CVE CVE-2023-36664

Problem

A bug in ghostscript can be exploited to run arbitrary code on the host machine using prepared PDF document. In BlueSpice, when a) PDFHandler is enabled and b) a PDF document is uploaded, a preview image is being generated using ghostscript. If an attacker uploads a prepared PDF, they can execute code on the server.

PDFHandler is not enabled by default, but many installations have set it active.

Solution

Upgrade Ghostscript to a fixed version.

If upgrade of Ghostscript is not possible, disable the extension PDFHandler. This, however, removes the ability for BlueSpice to render PDF preview images.

Resources


Acknowledgements

Found during an internal security audit.