Vigil@nce - GNU gv: file corruption
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link, when GNU gv calls gs
to display a PDF file, in order to corrupt the file pointed by the
link.
Severity: 1/4
Creation date: 13/07/2010
DESCRIPTION OF THE VULNERABILITY
The GNU gv tool displays PostScript or PDF documents.
When the user displays a PDF document, gv creates a temporary file
(/tmp/gv_random.pdf.tmp) and calls gs (Ghostscript) to convert the
PDF file to PostScript. However, the temporary file is created in
an insecure way.
A local attacker can therefore create a symbolic link, when GNU gv
calls gs to display a PDF file, in order to corrupt the file
pointed by the link.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GNU-gv-file-corruption-9755