-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : acroread -- Adobe Acrobat Reader
SUMMARY : security vulnerability in acroread
DATE : Sun Jul 7 23:02:04 UTC 2002
-----------------------------------------------------------------------

OVERVIEW

There is a temp file vulnerability that can be used to access user
accounts, and possibly gain system privileges.

DETAIL

Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and
changes its permissions to wide open (mode 666); it also follows
symlinks.

http://bugs.gentoo.org/show_bug.cgi?id=4657
http://online.securityfocus.com/archive/1/278984

SOLUTION

It is recommended that all Gentoo Linux users who are running acroread
update their systems as follows.

emerge --clean rsync
emerge unmerge acroread
emerge xpdf

For now, the acroread ebuild will issue a warning to users to unmerge the
package, and will proceed to emerge xpdf, for use as a pdf document
viewer.

------------------------------------------------------------------------
jago@×××××××××××.com
seemant@g.o
drobbins@g.o
------------------------------------------------------------------------

--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant |
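
The DETAIL section lists three behaviours (overwriting a file at a predictable /tmp path, mode 666, following symlinks). The C example below is added here for illustration and is not code from the advisory, from Gentoo or from Adobe; it shows one way to open such a file so that none of the three applies. The function name open_cache_safely and the demo path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Adobe's code): open a per-user cache file at a
 * predictable path without the problems the advisory lists. fd or -1. */
int open_cache_safely(const char *path)
{
    struct stat st;
    /* O_EXCL refuses anything already at the path, symlinks included;
     * mode 0600 (not 0666) keeps the file owner-only from creation. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0 && errno == EEXIST) {
        /* Reuse an existing file only if it is our own, singly linked regular file. */
        fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
        if (fd < 0)
            return -1;                 /* e.g. ELOOP: the path is a symlink */
        if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
            st.st_uid != geteuid() || st.st_nlink != 1 ||
            ftruncate(fd, 0) != 0) {   /* truncate only after validation */
            close(fd);
            return -1;
        }
    }
    if (fd < 0)
        return -1;
    /* fchmod works on the validated descriptor, not on a swappable path. */
    if (fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: a symlink planted at the cache path must be refused. */
int main(void)
{
    char dir[] = "/tmp/glsa_demo_XXXXXX", cache[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(cache, sizeof cache, "%s/AdobeFnt06.lst.demo", dir);
    if (symlink("/nonexistent-target", cache) != 0) return 1;
    int fd = open_cache_safely(cache);
    printf("symlink at cache path: %s\n", fd < 0 ? "refused" : "followed");
    return fd < 0 ? 0 : 1;
}
```

Keeping such files in a directory only the user can write to, rather than in shared /tmp, removes the opportunity for another local user to pre-create the name at all.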