Bugtraq mailing list archives
Re: Acrobat reader 5.05 temp file insecurity
From: <secfocus () downhill at eu org>
Date: 25 Jul 2002 13:33:35 -0000
In-Reply-To: <200206242133.g5OLXgS78108 () milan maths usyd edu au> <psz () maths usyd edu au (Paul Szabo)> wrote [...]
Acroread creates or overwrites the file
/tmp/AdobeFnt06.lst.UID, and
changes its permissions to wide open (mode 666); it
also follows
symlinks. The attack is obvious: ln -s ~victim/.bashrc /tmp/AdobeFnt06.lst.VUID and wait for victim to use acroread; then we can write
his .bashrc. Adobe claims to have fixed this in 5.06: README: | New for Acrobat Reader 5.0.6 | | A security patch was applied that solves the problem | reported in http://online.securityfocus.com/archive/1/278984 where | opening the font cache when the application starts up | can unintentionally cause the permissions of other | files to change. cu andreas
Current thread:
- Re: Acrobat reader 5.05 temp file insecurity Paul Szabo (Jul 04)
- <Possible follow-ups>
- Re: Acrobat reader 5.05 temp file insecurity secfocus (Jul 25)