IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
dated August 24 1995 (see also S 2.35 Obtaining information on security
flaws of the system).
For example, this problem affects all ghostscript versions of Aladdin prior to
3.22beta and the GNU versions up to and including 2.6.2. In older ghostscript
versions there may also be further PostScript commands with which it is
possible to modify files. Only ghostscript versions where these problems have
been overcome should be used.
From version 1.5 onwards, the ghostview PostScript interpreter offers the -
safer option, which activates the security functions of ghostscript. Versions
earlier than 1.5 do not offer this protection, and should be replaced by the
current version.
Similar problems can also occur in the case of PDF files. PDF files which can
be read with Acrobat Reader freeware are often available in the Internet.
Functions such as program calls can be embedded in PDF files, and can pose a
security risk to the files of the local IT system. These embedded functions can
be started when a document is opened or via action triggers by moving
through the document, without the reader being aware of this.
To avoid this, PDF files should only be read with viewers such as ghostscript
which are not able to process this functionality, or with the latest version of
Acrobat Reader or Acrobat Exchange, which inform the user about the
presence of any macros and require explicit approval of their execution.
Additional controls:
- Does the virus checker program in use also detect macro viruses?
- Was a check made to see whether the -dSAFER option is activated in the
PostScript interpreters being used?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000