
UNIX PDF Readers Malicious Hyperlinks Vulnerability (CIAC N-107)

             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

             UNIX PDF readers/viewers Malicious Hyperlinks Vulnerability

June 19, 2003 18:00 GMT                                           Number N-107
[Revised 07 July 03]
[Revised 17 July 03]
______________________________________________________________________________
PROBLEM:       A vulnerability in various UNIX PDF readers/viewers has been 
               found where remote attackers could embed malicious external-type
               hyperlinks in PDF files allowing access to a victim's system.
               This applies only to PDF readers on UNIX/Linux systems.
               Readers on Windows and Macintosh systems are not vulnerable.
PLATFORM:      - Red Hat Linux versions: 9.0, 8.0, 7.3, 7.2, and 7.1 
               - Sun Linux v5.0 (See Sun's Alert Notification)
               - Sun Solaris    (no patch information yet)
               - HP/UX          (no patch information yet) 
               - AIX            (no patch information yet)
DAMAGE:        If a victim clicks on a malicious hyperlink, an attacker could
               execute arbitrary shell commands with the victim's privileges.
SOLUTIONS:     - Apply vendor patches when available. 
               - Upgrade to Adobe Reader v5.07 or XPDF 2.02 pl1 (open-source 
                 version). 
               - Monitor CERT's Vulnerability Note VU#200132 for updated vendor 
                 information.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. This vulnerability is possible because some
ASSESSMENT:    UNIX/Linux PDF readers/viewers spawn external programs to
               handle hyperlinks by invoking the shell command interpreter.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-107.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2003-196.html
 ADDITIONAL          CERT:
 INFORMATION:        http://www.kb.cert.org/vuls/id/200132
                     Adobe Reader:
                     http://www.adobe.com/products/acrobat/readstep2.html
                     XPDF:
                     http://www.foolabs.com/xpdf/about.html
                     SUN:
                     http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55601&zone_32=category%3Asecurity
______________________________________________________________________________
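The assessment above pins the flaw on readers that hand a hyperlink to the shell command interpreter when spawning the external program. As an added illustration (not code from xpdf, Adobe Reader or Red Hat), the launcher below allowlists the URI scheme and characters and then execs the browser directly, so no shell ever parses the link text; the names validate_uri and launch_uri and the "netscape" browser command are assumptions of this example.

```c
/* Added example (not xpdf's, Adobe's or Red Hat's code): a hyperlink launcher
 * that allowlists the URI and execs the browser without a shell.  The names
 * validate_uri, launch_uri and the "netscape" command are assumptions. */
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Schemes allowed to leave the viewer; file:, mailto: etc. are refused. */
static const char *allowed_schemes[] = { "http://", "https://", "ftp://", NULL };

/* 1 if uri has an allowed scheme and only a conservative subset of RFC 3986
 * characters, else 0.  Quotes, backticks, $, ;, |, parentheses, whitespace
 * and control bytes are rejected, so the link carries no shell syntax. */
int validate_uri(const char *uri)
{
    const char *safe_extra = "-._~:/?#@%=&+,";
    int scheme_ok = 0;
    for (int i = 0; allowed_schemes[i]; i++)
        if (strncmp(uri, allowed_schemes[i], strlen(allowed_schemes[i])) == 0)
            scheme_ok = 1;
    if (!scheme_ok || strlen(uri) > 2048)
        return 0;
    for (const unsigned char *p = (const unsigned char *)uri; *p; p++)
        if (!isalnum(*p) && !strchr(safe_extra, *p))
            return 0;
    return 1;
}

/* Hand the validated URI to the browser as one argv element.  execvp never
 * consults /bin/sh, so the link text is data, not a command line.  Returns 2
 * if the URI is rejected, -1 on fork/wait failure, else the browser's exit
 * status (127 if it could not be started). */
int launch_uri(const char *uri)
{
    if (!validate_uri(uri))
        return 2;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "netscape", (char *)uri, NULL };
        execvp(argv[0], argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Some legal URIs are refused by the conservative character set; the real protection is that the browser receives the string as an argument, never as a command line.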

Revision History:  
7/7/03  - Added Sun's Alert link.
7/17/03 - Updated Red Hat Advisory for release of 2nd round of updated packages.

[******  Start of Red Hat, Inc. RHSA-2003:196-13 ******]

Updated Xpdf packages fix security vulnerability

Advisory: RHSA-2003:196-13 
Last updated on: 2003-07-17 
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9 
CVEs (cve.mitre.org): CAN-2003-0434
 

Details:

Updated Xpdf packages are available that fix a vulnerability where a
malicious PDF document could run arbitrary code.

[Updated 16 July 2003]
Updated packages are now available, as the original errata packages did not
fix all possible ways of exploiting this vulnerability.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
attacker can embed malicious external-type hyperlinks that, if activated or
followed by a victim, can execute arbitrary shell commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0434 to this issue.

All users of Xpdf are advised to upgrade to these errata packages, which
contain a backported security patch that corrects this issue.

Updated packages (filename followed by its MD5 checksum):

Red Hat Linux 7.1
--------------------------------------------------------------------------------
SRPMS:
xpdf-0.92-4.71.2.src.rpm                      dfdc27db65d2706554a3a35a1e4c7e0a
i386:
xpdf-0.92-4.71.2.i386.rpm                     56083c770c865432ee611c64cffa42f6

Red Hat Linux 7.2
--------------------------------------------------------------------------------
SRPMS:
xpdf-0.92-10.src.rpm                          936f5aad703113ac64b3ebd608c21f48
i386:
xpdf-0.92-10.i386.rpm                         3b37ceb7ac361a02b60dddf011a5f58d
ia64:
xpdf-0.92-10.ia64.rpm                         ef4ed48238c8d9bfb7125311aea1d000

Red Hat Linux 7.3
--------------------------------------------------------------------------------
SRPMS:
xpdf-1.00-7.src.rpm                           bbbca3b1e966cfbfbf4d05934f289a11
i386:
xpdf-1.00-7.i386.rpm                          5120b76b6af8c48a3311f3d69a3cdaa0
xpdf-chinese-simplified-1.00-7.i386.rpm       ddd9c3f4413e16dac99787715d735c44
xpdf-chinese-traditional-1.00-7.i386.rpm      466a0f0dd7b872ae52458bd395e79d7a
xpdf-japanese-1.00-7.i386.rpm                 37390017f6ace8b30b0f5eec13dc31a6
xpdf-korean-1.00-7.i386.rpm                   58806d04ec73add2c288b522f792dada

Red Hat Linux 8.0
--------------------------------------------------------------------------------
SRPMS:
xpdf-1.01-12.src.rpm                          d067a494ef6880548e68921d6d8f93a2
i386:
xpdf-1.01-12.i386.rpm                         ee5f74ddc384aa52d3d87aa215f4adf2
xpdf-chinese-simplified-1.01-12.i386.rpm      bd0f09fcdb6530d5ea00f0e5812094b3
xpdf-chinese-traditional-1.01-12.i386.rpm     1d1fd8d47f01c2288d0e265d1b3f8307
xpdf-japanese-1.01-12.i386.rpm                5eb08e7781c8a6f347f1f0b9c6c777c7
xpdf-korean-1.01-12.i386.rpm                  3afffdb1cfb92d5755cb804bfae1a3c4

Red Hat Linux 9
--------------------------------------------------------------------------------
SRPMS:
xpdf-2.01-11.src.rpm                          afb14526ec5cdfe9b0ffb95dc2c63709
i386:
xpdf-2.01-11.i386.rpm                         142e668bb198b78e25db0202e5b04e04
xpdf-chinese-simplified-2.01-11.i386.rpm      ef59838e701dc44fcaf6606a4b478377
xpdf-chinese-traditional-2.01-11.i386.rpm     d96168e7862b86e7a81a36afabdfb25d
xpdf-japanese-2.01-11.i386.rpm                a805a60fddeb36df6d0ccf79e22199a7
xpdf-korean-2.01-11.i386.rpm                  98208ce3a9324b4a9cc9274d807b26e0


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.



Bugs fixed:  (see bugzilla for more information)

79680 - xpdf packaging issues


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0434
http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html 

--------------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key is 
available at:
http://www.redhat.com/solutions/security/news/publickey/#key 
You can verify each package and see who signed it with the following command:

rpm --checksig -v filename

If you only wish to verify that each package has not been corrupted or tampered
with, examine only the md5sum with the following command:

md5sum filename

The Red Hat security contact is security@redhat.com. More contact details at 
http://www.redhat.com/solutions/security/news/contact.html
 
 
Copyright © 2002 Red Hat, Inc. All rights reserved. 

 
[******  End of Red Hat, Inc. RHSA-2003:196-13 ******]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat, Inc. and CERT for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-097: Red Hat Updated Tcpdump Packages
N-098: Microsoft Cumulative Patch for Internet Information Service (IIS)
N-099: Apache 2.0.46 Release Fixes Security Vulnerabilities
N-100: Microsoft Windows Media Services ISAPI Extension Flaw
N-101: Microsoft Cumulative Patch for Internet Explorer (IE)
N-102: Hewlett-Packard Potential Security Vulnerabilities in CDE
N-103: Sun ONE Application Server May Disclose JavaServer Pages (JSP) Source
N-104: Red Hat Updated KDE packages
N-105: Sun "/usr/lib/utmp_update" Command Buffer Overflow Vulnerability
N-106: SGI Websetup/Webmin Security Vulnerability
