Researcher discovers way to bypass restrictions

A bug in Ghostscript enabled hackers to take full control of a vulnerable website by crafting a malicious PostScript file and uploading it.

The flaw was discovered by Google Project Zero researcher Tavis Ormandy, who uncovered it during an inspection of another Ghostscript bug.

Ghostscript is an interpreter for PostScript, a file format optimized for printing, similar to PDF. Software suites such as ImageMagick and GIMP rely on it to render files, and it is widely used in both desktop applications and server-side software.

Ghostscript also runs PostScript inside a sandbox, meaning that when the interpreter is operating as designed, malicious files can do no harm to the host computer.

However, Ormandy found a way to bypass the sandbox within Ghostscript, which would allow a malicious file to break out of it.

If a website allowed a PostScript file to be uploaded – for example, a job-hunting site which permitted the uploading of a resume – it could be compromised.
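A defensive check for the upload scenario above, as an added example that is not from the article or from Ghostscript: it rejects PostScript and EPS by content rather than by file name, since image libraries such as ImageMagick can select a decoder from a file's leading bytes. The function names and sample files are constructed for illustration.

```python
from typing import Optional, Tuple

EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"  # header of the DOS/binary EPS wrapper
UTF8_BOM = b"\xef\xbb\xbf"
# Bytes that may precede the "%!" marker: whitespace, NUL, form feed, and the
# Ctrl-D (0x04) that some printer drivers prepend.
LEADING_JUNK = b" \t\r\n\x00\x04\x0c"


def sniff_postscript(data: bytes, window: int = 1024) -> Optional[str]:
    """Return a label if the leading bytes are PostScript or EPS, else None."""
    head = data[:window]
    if head.startswith(EPS_BINARY_MAGIC):
        return "eps-binary"
    if head.startswith(UTF8_BOM):
        head = head[len(UTF8_BOM):]
    head = head.lstrip(LEADING_JUNK)
    if head.startswith(b"%!"):
        return "postscript"
    return None


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Decide from content, never from the client-supplied name or extension."""
    kind = sniff_postscript(data)
    if kind is not None:
        return False, f"rejected {filename!r}: content is {kind}"
    return True, f"accepted {filename!r}"


# Constructed, harmless samples; the file names are deliberately misleading.
SAMPLES = {
    "resume.jpg": b"%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\nshowpage\n",
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "logo.gif": EPS_BINARY_MAGIC + b"\x1e\x00\x00\x00" + b"\x00" * 24,
    "cv.txt": b"\r\n\x04%!PS\nshowpage\n",
    "notes.txt": b"Discount: 50%! Apply today.\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(check_upload(name, blob)[1])
```

Run the check before the file reaches any renderer, and keep it alongside patching and OS-level confinement rather than in place of them.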

Before the patch, it was possible to bypass the sandbox using an executeonly command in the error handler in errordict; however, the sandbox now ignores errordict.

Ormandy wrote: “One way to exploit this is to find an executeonly procedure that can stop [throw an exception] in two different ways, you trigger the first exception and then you make calling the errorhandler stop (/stackoverflow or /execoverflow will do).

“When that fails the operand stack is left in an inconsistent state, because ghostscript was trying to set up the errorhandler but failed.”

More about how he was able to carry the attack out can be found in a write-up here.

When he had broken out of the sandbox, Ormandy was able to turn off read and write permissions and access the users’ private files.

On a well-secured Linux distribution, Ghostscript will execute within an AppArmor sandbox, which provides a second line of defense. However, separate research by Project Zero has uncovered flaws in some distributions' AppArmor profiles which render this protection useless.

The bug (CVE-2018-17961) has been patched.