Acrobat Reader 4.0 字体文件属性创建漏洞

发布日期：2001-08-22
更新日期：2001-08-23

受影响系统：

Acrobat Reader 4.0
- RedHat Linux
- Sun Solaris 2.x

描述：

---

Acrobat Reader 4.0 for Unix版本存在一个安全问题。在执行Acrobat Reader时，它会在
用户主目录下创建一个文件AdobeFnt.lst，这个文件中包含一些字体映射的信息。这个文
件创建时的属性为666, 允许任何人可写。这允许攻击者控制字体显示的形式，可能存在
一些潜在的安全问题。

<*来源：Darren Moffat (darrenm@otis.uk)
Michael Paoli (michael1cat@yahoo.com)
*>


建议：

---

临时解决方法：

Michael Paoli (michael1cat@yahoo.com)提供了一个wrapper程序：
########################################################################
if [ ! -e $HOME/AdobeFnt.lst ]; then
# AcroRead will happily create a world writable AdobeFnt.lst ...
trap "rm -f $HOME/AdobeFnt.lst" 0
ln -s /dev/null $HOME/AdobeFnt.lst
fi
########################################################################
#wrapper stuff to work around world writable ~/AdobeFnt.lst issues

#directory we'll use, relative to HOME, to work around the problem
kludgedir=.AdobeFnt.security_kludge_dir

#check HOME isn't null
[ X"$HOME" != X ] || {
1>&2 echo "$0: HOME is unset or null - aborting"
exit 1
}

#if pathname for our kludge directory exists
if >>/dev/null 2>&1 ls -d "$HOME/$kludgedir"
then
#check that it's properly secured
2>>/dev/null ls -lLd "$HOME/$kludgedir" | >>/dev/null 2>&1 grep '^d....--.--' || {
#not properly secured, complain and exit
1>&2 echo "$0: found $HOME/$kludgedir but expecting directory with no group or world write or execute permissions - aborting"
exit 1
}
else
#"$HOME/$kludgedir" doesn't exist, make it
(umask 077 && mkdir -p "$HOME/$kludgedir")
#we should have properly secure "$HOME/$kludgedir" at this point, verify
2>>/dev/null ls -lLd "$HOME/$kludgedir" | >>/dev/null 2>&1 grep '^d....--.--' || {
1>&2 echo "$0: unable to create properly secured $HOME/$kludgedir - aborting"
exit 1
}
fi

#does "$HOME"/AdobeFnt.lst exist in any form?
if >>/dev/null 2>&1 ls -d "$HOME"/AdobeFnt.lst
then
#"$HOME"/AdobeFnt.lst may already be set up properly - check
if [ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" != X"$kludgedir"/AdobeFnt.lst ]
then
#it's not what we were hoping for ... is it ordinary file?
if [ ! -L "$HOME"/AdobeFnt.lst -a -f "$HOME"/AdobeFnt.lst ]
then
rm -f "$HOME"/AdobeFnt.lst
#is it gone?
[ ! -f "$HOME"/AdobeFnt.lst ] || {
1>&2 echo "$0: failed to remove $HOME/AdobeFnt.lst file - aboring"
exit 1
}
ln -s "$kludgedir"/AdobeFnt.lst "$HOME"/AdobeFnt.lst
#test that "$HOME"/AdobeFnt.lst has been set up properly
[ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" = X"$kludgedir"/AdobeFnt.lst ] || {
1>&2 echo "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting"
exit 1
}
else
1>&2 echo "$0: $HOME/AdobeFnt.lst isn't set up as we need it, please remove it - aborting"
exit 1
fi
fi
else
ln -s "$kludgedir"/AdobeFnt.lst "$HOME"/AdobeFnt.lst
#test that "$HOME"/AdobeFnt.lst has been set up properly
[ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" = X"$kludgedir"/AdobeFnt.lst ] || {
1>&2 echo "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting"
exit 1
}
fi

#we're done with the kludgedir shell variable
unset kludgedir
########################################################################

厂商补丁：

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商
的主页以获取最新版本：
http://www.adobe.com/

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有