October 1st, 2002, 07:59 PM
*nix PDF vulnerability
I haven't seen this in the forums yet, so apologies if it's already been posted.
It's been said a million times, but this is just one more reason not to run as root......
Using a flaw in the file-viewers' program code, an attacker could use a deliberately malformed PostScript or PDF file to cause a buffer overflow in the viewer that would enable code from the attacker to be run. Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said. And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.
Affected packages: gv, kghostview and ggv No mention of xpdf or Acroread as being either vulnerable or immune.
Do what you want with the girl, but leave me alone!
October 1st, 2002, 08:07 PM
Whew, good thing I never run as root, only as Super User
\"We are pressing through the sphincter of assholiness\"
October 2nd, 2002, 02:01 AM
dammit problemchild, I wish I could give you more APs....
\"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"