
2018 | OriginalPaper | Book chapter

PostScript Undead: Pwning the Web with a 35 Years Old Language

Written by: Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk

Published in: Research in Attacks, Intrusions, and Defenses

Publisher: Springer International Publishing


Abstract

PostScript is a Turing complete page description language dating back to 1982. It is supported by most laser printers and for a long time it had been the preferred file format for documents like academic papers. In this work, we show that popular services such as Wikipedia, Microsoft OneDrive, and Google Mail can be attacked using malicious PostScript code. Besides abusing legitimate features of the PostScript language, we systematically analyzed the security of the most popular PostScript interpreter – Ghostscript. Our attacks include information disclosure, file inclusion, and remote command execution. Furthermore, we present methods to obfuscate PostScript code and embed it within legitimate PDF files to bypass security filters. This allows us to create a hybrid exploit that can be used to attack web applications, client systems, print servers, or printers. Our large-scale evaluation reveals that 56% of the analyzed web applications are vulnerable to at least one attack. In addition, three of the top 15 Alexa websites were found vulnerable. We provide different countermeasures and discuss their advantages and disadvantages. Finally, we extend the scope of our research considering further targets and more advanced obfuscation techniques.

Footnotes

1. ImageMagick Studio LLC, ImageMagick, http://imagemagick.org, Mar. 2017.
2. Artifex Software, Ghostscript, https://ghostscript.com/, Mar. 2017.
3. Apple Inc., Common UNIX Printing System, https://www.cups.org/, Mar. 2017.
4. The Apache Software Foundation, PDFBox, https://pdfbox.apache.org/, Mar. 2017.
5. Note that the proof-of-concept file is hosted on Dropbox. After uploading, we realized that Dropbox itself processes PostScript documents. The shown preview image therefore is the rendered result of the attack catalog executed on the Dropbox server.
6. Wikimedia Foundation, MediaWiki, https://www.mediawiki.org/, Mar. 2017.
7. GNU Project, GNU less, https://www.gnu.org/software/less/, Mar. 2017.
8. Christos Zoulas, The file(1) Command, https://github.com/file/file, Mar. 2017.
Metadata
Title
PostScript Undead: Pwning the Web with a 35 Years Old Language
Written by
Jens Müller
Vladislav Mladenov
Dennis Felsch
Jörg Schwenk
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-030-00470-5_28