Author Topic: CERT, Adobe Warn of Flaw in PDF File Readers  (Read 677 times)

Zombie9920

  • Member
  • **
  • Posts: 1,309
  • Kudos: 33
CERT, Adobe Warn of Flaw in PDF File Readers
« on: 20 June 2003, 22:19 »
Nearly a week after information on the problem was leaked on the Internet, Adobe Systems Inc. and CERT on Wednesday put out statements warning of a vulnerability in several software packages used to read Adobe PDF files on Unix machines.
The flaw allows a remote attacker to execute code on a vulnerable machine with the privileges of the local user. This is possible because the flawed readers spawn external programs to handle hyperlinks contained within PDF documents. In order to exploit the vulnerability, an attacker could embed a hyperlink within a malicious PDF.

 A number of readers/viewers are vulnerable, including Adobe Reader and versions from Red Hat Inc., Sun Microsystems Inc. and The Debian Project. Adobe's newly released Reader 5.07 includes a patch that fixes this flaw. The vulnerability affects machines running Unix, AIX, Linux, Solaris or HP/UX; Windows and Macintosh machines are unaffected.


Entire article

-----
You all may be wondering why I'm posting this in the *nix section...right? Well, the answer is simple. I posted it here because this flaw only affects *nix systems.

Laukev7

  • VIP
  • Member
  • ***
  • Posts: 2,834
  • Kudos: 495
CERT, Adobe Warn of Flaw in PDF File Readers
« Reply #1 on: 21 June 2003, 00:20 »
That's odd. Max OS X is a UN*X, and yet it's not affected by the flaw. Could the permission system on OS X be any different/more efficient than on other systems? And I've heard that Mac OS is quite a secure system.

Faust

  • Member
  • **
  • Posts: 1,223
  • Kudos: 0
Yesterday it worked
Today it is not working
Windows is like that
 -- http://www.gnu.org/fun/jokes/error-haiku.html

Faust

  • Member
  • **
  • Posts: 1,223
  • Kudos: 0
CERT, Adobe Warn of Flaw in PDF File Readers
« Reply #3 on: 21 June 2003, 07:56 »
This will be fixed within the week.  
Yesterday it worked
Today it is not working
Windows is like that
 -- http://www.gnu.org/fun/jokes/error-haiku.html

Zombie9920

  • Member
  • **
  • Posts: 1,309
  • Kudos: 33
CERT, Adobe Warn of Flaw in PDF File Readers
« Reply #4 on: 21 June 2003, 10:52 »
http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=Linux+Exploit

Given, yours turned up around 516,000 results.
Mine turned up around 453,000 results. The numbers on your side are a little higher. The big difference is the geeks claim Linux is so damn secure and unhackable(even though that is far from the truth).  The Windows users don't make such ludacris claims about Windows.

Face it, no software is bulletproof(hacker proof).

Laukev7

  • VIP
  • Member
  • ***
  • Posts: 2,834
  • Kudos: 495
CERT, Adobe Warn of Flaw in PDF File Readers
« Reply #5 on: 21 June 2003, 11:09 »
They do not claim that it's unbreakable (although many fanatics do). They say that bugs are repaired faster because Linux is open source. It is true, though, that unices are generally solid operating systems. Of course, that does not mean that Linux is the best of them.

emh

  • Member
  • **
  • Posts: 254
  • Kudos: 0
CERT, Adobe Warn of Flaw in PDF File Readers
« Reply #6 on: 23 June 2003, 00:51 »
quote:
Originally posted by Zombie9920:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=Linux+Exploit

Given, yours turned up around 516,000 results.
Mine turned up around 453,000 results. The numbers on your side are a little higher. The big difference is the geeks claim Linux is so damn secure and unhackable(even though that is far from the truth).  The Windows users don't make such ludacris claims about Windows.

Face it, no software is bulletproof(hacker proof).



Nobody here ever made that claim.  Of course it's not bulletproof, but it's generally much harder to hack Linux than it is to hack Windows, from what I understand.

[ June 22, 2003: Message edited by: emh ]


Pantso

  • Member
  • **
  • Posts: 1,249
  • Kudos: 55
    • http://www.support-freesoftware.org
CERT, Adobe Warn of Flaw in PDF File Readers
« Reply #7 on: 23 June 2003, 02:52 »
It certainly is more difficult to "root" or "hack" a well secured Linux box than a windows one. This is an undeniable fact. And nobody said that Linux is hack or bulletproof. Every piece of software has bugs, let alone OSes which consist of numerous lines of code. What Linux does have however, unlike M$ is excellent support from inside the community. Bugs and vulnerabilities are quickly discovered and fixed, whereas if you wait for M$ you'll die of old age.   :D