In-Reply-To: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED] (Paul Szabo)> wrote
[...]
>Acroread creates or overwrites the file
/tmp/AdobeFnt06.lst.UID, and
>changes its permissions to wide open (mode 666); it
also follows
>symlinks. The attack is obvious:
>
> ln -s ~victim/.bashrc /tmp/AdobeFnt06.lst.VUID
>
>and wait for victim to use acroread; then we can write
his .bashrc.
Adobe claims to have fixed this in 5.06:
README:
| New for Acrobat Reader 5.0.6
|
| A security patch was applied that solves the problem
| reported in
http://online.securityfocus.com/archive/1/278984 where
| opening the font cache when the application starts up
| can unintentionally cause the permissions of other
| files to change.
cu andreas
