Results 1 to 3 of 3

Thread: *nix PDF vulnerability

  1. #1
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002

    *nix PDF vulnerability

    I haven't seen this in the forums yet, so apologies if it's already been posted.

    Using a flaw in the file-viewers' program code, an attacker could use a deliberately malformed PostScript or PDF file to cause a buffer overflow in the viewer that would enable code from the attacker to be run. Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said. And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.
    It's been said a million times, but this is just one more reason not to run as root......

    Affected packages: gv, kghostview and ggv No mention of xpdf or Acroread as being either vulnerable or immune.

    Do what you want with the girl, but leave me alone!

  2. #2
    Senior Member SodaMoca5's Avatar
    Join Date
    Mar 2002
    Whew, good thing I never run as root, only as Super User
    \"We are pressing through the sphincter of assholiness\"

  3. #3
    Senior Member
    Join Date
    Jul 2002
    dammit problemchild, I wish I could give you more APs....
    \"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
    -Bad Religion

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts