Bugtraq mailing list archives

Re: Acrobat reader 5.05 temp file insecurity

From: psz () maths usyd edu au (Paul Szabo)
Date: Thu, 4 Jul 2002 13:14:32 +1000 (EST)

Juan M. Courcoul <courcoul () campus qro itesm mx> wrote:

Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It 
creates or overwrites the file

/Library/Application Support/Adobe/Fonts/AdobeFnt.lst

with the same owner as the user and with group "admin", but with 644 
file permissions. The directory does not have world-writeable permissions.


I am puzzled: how can a "simple" user create that file, when the directory
has no world-writable permissions? How can another user overwrite it, when
the file has 644 permissions? (It would seem that Juan was running as root;
"simple" users may still be vulnerable. I have no Mac to test.)

(See also http://www.securityfocus.com/bid/3225 .)

Cheers,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Current thread:

Re: Acrobat reader 5.05 temp file insecurity Paul Szabo (Jul 04)
- <Possible follow-ups>
- Re: Acrobat reader 5.05 temp file insecurity secfocus (Jul 25)