('binary' encoding is not supported, stored as-is) In-Reply-To: <200206242133.g5OLXgS78108at_private> <pszat_private (Paul Szabo)> wrote [...] >Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and >changes its permissions to wide open (mode 666); it also follows >symlinks. The attack is obvious: > > ln -s ~victim/.bashrc /tmp/AdobeFnt06.lst.VUID > >and wait for victim to use acroread; then we can write his .bashrc. Adobe claims to have fixed this in 5.06: README: | New for Acrobat Reader 5.0.6 | | A security patch was applied that solves the problem | reported in http://online.securityfocus.com/archive/1/278984 where | opening the font cache when the application starts up | can unintentionally cause the permissions of other | files to change. cu andreas
This archive was generated by hypermail 2b30 : Thu Jul 25 2002 - 09:59:08 PDT