|
Bugtraq
mailing list archives
Re: Acrobat reader 5.05 temp file insecurity
From: psz () maths usyd edu au (Paul Szabo)
Date: Thu, 4 Jul 2002 13:14:32 +1000 (EST)
Juan M. Courcoul <courcoul () campus qro itesm mx> wrote:
Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It
creates or overwrites the file
/Library/Application Support/Adobe/Fonts/AdobeFnt.lst
with the same owner as the user and with group "admin", but with 644
file permissions. The directory does not have world-writeable permissions.
I am puzzled: how can a "simple" user create that file, when the directory
has no world-writable permissions? How can another user overwrite it, when
the file has 644 permissions? (It would seem that Juan was running as root;
"simple" users may still be vulnerable. I have no Mac to test.)
(See also http://www.securityfocus.com/bid/3225 .)
Cheers,
Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
 By Date 
By Thread
Current thread:
- Re: Acrobat reader 5.05 temp file insecurity Paul Szabo (Jul 04)
| 
Intro
