Bugtraq mailing list archives
Re: Acrobat reader 5.05 temp file insecurity
From: psz () maths usyd edu au (Paul Szabo)
Date: Thu, 4 Jul 2002 13:14:32 +1000 (EST)
Juan M. Courcoul <courcoul () campus qro itesm mx> wrote:
Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It creates or overwrites the file /Library/Application Support/Adobe/Fonts/AdobeFnt.lst with the same owner as the user and with group "admin", but with 644 file permissions. The directory does not have world-writeable permissions.
I am puzzled: how can a "simple" user create that file, when the directory has no world-writable permissions? How can another user overwrite it, when the file has 644 permissions? (It would seem that Juan was running as root; "simple" users may still be vulnerable. I have no Mac to test.) (See also http://www.securityfocus.com/bid/3225 .) Cheers, Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia
Current thread:
- Re: Acrobat reader 5.05 temp file insecurity Paul Szabo (Jul 04)
- <Possible follow-ups>
- Re: Acrobat reader 5.05 temp file insecurity secfocus (Jul 25)