首页 -> 安全研究
安全研究
安全漏洞
Acrobat Reader 4.0 字体文件属性创建漏洞
发布日期:2001-08-22
更新日期:2001-08-23
受影响系统:
描述:
Acrobat Reader 4.0
- RedHat Linux
- Sun Solaris 2.x
Acrobat Reader 4.0 for Unix版本存在一个安全问题。在执行Acrobat Reader时,它会在
用户主目录下创建一个文件AdobeFnt.lst,这个文件中包含一些字体映射的信息。这个文
件创建时的属性为666, 允许任何人可写。这允许攻击者控制字体显示的形式,可能存在
一些潜在的安全问题。
<*来源:Darren Moffat (darrenm@otis.uk)
Michael Paoli (michael1cat@yahoo.com)
*>
建议:
临时解决方法:
Michael Paoli (michael1cat@yahoo.com)提供了一个wrapper程序:
########################################################################
if [ ! -e $HOME/AdobeFnt.lst ]; then
# AcroRead will happily create a world writable AdobeFnt.lst ...
trap "rm -f $HOME/AdobeFnt.lst" 0
ln -s /dev/null $HOME/AdobeFnt.lst
fi
########################################################################
#wrapper stuff to work around world writable ~/AdobeFnt.lst issues
#directory we'll use, relative to HOME, to work around the problem
kludgedir=.AdobeFnt.security_kludge_dir
#check HOME isn't null
[ X"$HOME" != X ] || {
1>&2 echo "$0: HOME is unset or null - aborting"
exit 1
}
#if pathname for our kludge directory exists
if >>/dev/null 2>&1 ls -d "$HOME/$kludgedir"
then
#check that it's properly secured
2>>/dev/null ls -lLd "$HOME/$kludgedir" | >>/dev/null 2>&1 grep '^d....--.--' || {
#not properly secured, complain and exit
1>&2 echo "$0: found $HOME/$kludgedir but expecting directory with no group or world write or execute permissions - aborting"
exit 1
}
else
#"$HOME/$kludgedir" doesn't exist, make it
(umask 077 && mkdir -p "$HOME/$kludgedir")
#we should have properly secure "$HOME/$kludgedir" at this point, verify
2>>/dev/null ls -lLd "$HOME/$kludgedir" | >>/dev/null 2>&1 grep '^d....--.--' || {
1>&2 echo "$0: unable to create properly secured $HOME/$kludgedir - aborting"
exit 1
}
fi
#does "$HOME"/AdobeFnt.lst exist in any form?
if >>/dev/null 2>&1 ls -d "$HOME"/AdobeFnt.lst
then
#"$HOME"/AdobeFnt.lst may already be set up properly - check
if [ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" != X"$kludgedir"/AdobeFnt.lst ]
then
#it's not what we were hoping for ... is it ordinary file?
if [ ! -L "$HOME"/AdobeFnt.lst -a -f "$HOME"/AdobeFnt.lst ]
then
rm -f "$HOME"/AdobeFnt.lst
#is it gone?
[ ! -f "$HOME"/AdobeFnt.lst ] || {
1>&2 echo "$0: failed to remove $HOME/AdobeFnt.lst file - aboring"
exit 1
}
ln -s "$kludgedir"/AdobeFnt.lst "$HOME"/AdobeFnt.lst
#test that "$HOME"/AdobeFnt.lst has been set up properly
[ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" = X"$kludgedir"/AdobeFnt.lst ] || {
1>&2 echo "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting"
exit 1
}
else
1>&2 echo "$0: $HOME/AdobeFnt.lst isn't set up as we need it, please remove it - aborting"
exit 1
fi
fi
else
ln -s "$kludgedir"/AdobeFnt.lst "$HOME"/AdobeFnt.lst
#test that "$HOME"/AdobeFnt.lst has been set up properly
[ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" = X"$kludgedir"/AdobeFnt.lst ] || {
1>&2 echo "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting"
exit 1
}
fi
#we're done with the kludgedir shell variable
unset kludgedir
########################################################################
厂商补丁:
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商
的主页以获取最新版本:
http://www.adobe.com/
浏览次数:3936
严重程度:0(网友投票)
绿盟科技给您安全的保障