xpdf and acrobat reader hole

James Iwanek chthon at chthon-uk.com
Tue Jun 17 06:42:11 PDT 2003

Sam Halliday wrote:

> James Iwanek wrote:
>> Jochen Schroeder wrote:
>> > There is a whole in acrobat reader and xpdf which let's you execute
>> > any shell command from within a pdf-dokument. Nice thing if you
>> > embed rm -rf$HOME/* within an pdf-file. Am still not quite sure if
>> > this really is a hole or considered a feature ;-). Anyways here's
>> > the relevant link:
>> > http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html
>> any fool knows you have a more robust hack if you were to replace
>> monkey with $USER ;-)
> `rm -rf $HOME/$USER`
> can't see that doing much :-/
> (e.g. expanded=`rm -rf /home/samuel/samuel`)

oops - thats what i get for writing mails late at night ;-(

you are quite right ;-)

> however, a REAL fool would use the opportunity to plant a backdoor or
> mail a secret GPG key back home... the simplicity of this exploit is
> quite scary, i imagine that most applications/formats have similar
> issues; especially with everything trying so hard to interoperate on a
> point-and-click basis.
> i wonder if large archives like arXiv.org are going to parse for this
> kind of thing? they generate PDF files on demand (with some level of
> caching) from the source .tex files. however, someone actually using
> this kind of exploit with their name attached to it is enough to lose
> them a career in research, but it is scary that such an exploit is
> possible to begin with...
> Sam... thinking about moving this to lfs-chat

Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list