Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - June 29, 2005

TITLE:
Adobe Reader for Linux Insecure Temporary File Creation

SECUNIA ADVISORY ID:
SA14457

VERIFY ADVISORY:
http://secunia.com/advisories/14457/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Adobe Acrobat Reader 5.x
http://secunia.com/product/389/

DESCRIPTION:
Secunia Research has discovered a security issue in Adobe Reader for
Linux, which can be exploited by malicious, local users to gain
knowledge of sensitive information.

The problem is caused due to temporary files being created with
permissions based on the user's umask in the "/tmp" folder under
certain circumstances when documents are opened.

Successful exploitation allows an unprivileged user to read arbitrary
users' documents.

The security issue has been confirmed in version 5.0.10. Other
versions may also be affected.

SOLUTION:
The security issue does not affect version 7.0 for Linux. The vendor
therefore recommends users to upgrade to this version.

The vendor is not planning on releasing a patch for version 5.0.10
even though it's still available for download from the vendor's web
site.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2005-6/

Discussion is locked
You are posting a reply to: VULNERABILITIES - June 29, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - June 29, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Vulnerability with Mozilla Firefox, Suite & Caminio Browsers

In reply to: VULNERABILITIES - June 29, 2005

Paul Kurczaba reported a vulnerability in the Mozilla Firefox, Mozilla Suite and Mozilla Camino browsers. A remote user can cause the browser to crash. A remote user can create specially crafted Javascript that, when loaded by the target user, will cause the target user's browser to crash. The code can repeatedly call an empty function to trigger the flaw.

Impact: A remote user can cause the target user's browser to crash.
Solution: No solution was available at the time of this entry. As a workaround, Javascript can be disabled.

Vulnerable Software:

Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4

http://securitytracker.com/alerts/2005/Jun/1014292.html
http://securitytracker.com/alerts/2005/Jun/1014293.html
http://securitytracker.com/alerts/2005/Jun/1014294.html
http://www.kurczaba.com/html/security/0506241.htm

Collapse -
Fresh Javascript Browser Exploit

In reply to: VULNERABILITIES - June 29, 2005

Hot on the heels of an exploit which allowed Javascript popups to appear in front of another site, Neowin has learned of another, potentially more dangerous, use for the script.

The latest problem, reported to us by Neowin user flanderssoft, centres around the ability to refresh a page other than the one currently open - if that page has loaded a popup in the first place. It would allow visitors clicking on a malicious link to Hotmail to initially be served with the correct page, before being transferred seconds later to one which looks identical on another server. If the URLs were similar, it's likely many users wouldn't notice the change.

The exploit sample below only works on IE: however, tests seem to suggest it may work on other browsers. The only reason it doesn't in this case is the use of an unusual extension (.srf) throwing them off.

It's likely this exploit, like the previous one, may not be patched; many sites use this ability in a legitimate way to refresh a page after a link in another window is clicked. Therefore the only way to avoid it is, as always, to not click suspicious links - or to disable Javascript.

http://www.neowin.net/comments.php?id=29147&category=main#comment374727

Collapse -
IE 'javaprxy.dll' COM Object Exception Handling

In reply to: VULNERABILITIES - June 29, 2005

Internet Explorer 'javaprxy.dll' COM Object Exception Handling Lets Remote Users Crash the Browser

A vulnerability was reported in Microsoft Internet Explorer in 'javaprxy.dll'. A remote user can cause the target user's browser to crash or potentially execute arbitrary code.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow in 'javaprxy.dll' and cause the target user's browser to crash. Specially crafted object tags can cause certain COM componenets to crash.

It may be possible to overwrite a function pointer to execute arbitrary code. However, the vendor could not reproduce a function pointer overwrite.

http://securitytracker.com/alerts/2005/Jun/1014329.html

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.