Re: Acrobat reader 5.05 temp file insecurity

From: Paul Szabo (pszat_private)
Date: Wed Jul 03 2002 - 20:14:32 PDT

Next message: zillion: "nn remote format string vulnerability"

Previous message: OpenPKG: "[OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)"
Next in thread: secfocusat_private: "Re: Acrobat reader 5.05 temp file insecurity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Juan M. Courcoul <courcoulat_private> wrote:

> Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It 
> creates or overwrites the file
> 
> /Library/Application Support/Adobe/Fonts/AdobeFnt.lst
> 
> with the same owner as the user and with group "admin", but with 644 
> file permissions. The directory does not have world-writeable permissions.

I am puzzled: how can a "simple" user create that file, when the directory
has no world-writable permissions? How can another user overwrite it, when
the file has 644 permissions? (It would seem that Juan was running as root;
"simple" users may still be vulnerable. I have no Mac to test.)

(See also http://www.securityfocus.com/bid/3225 .)

Cheers,

Paul Szabo - pszat_private  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Next message: zillion: "nn remote format string vulnerability"
Previous message: OpenPKG: "[OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)"
Next in thread: secfocusat_private: "Re: Acrobat reader 5.05 temp file insecurity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 09:13:42 PDT