[26056] in bugtraq
Re: Acrobat reader 5.05 temp file insecurity
daemon@ATHENA.MIT.EDU (Paul Szabo)
Thu Jul 4 12:21:20 2002
Date: Thu, 4 Jul 2002 13:14:32 +1000 (EST)
From: psz@maths.usyd.edu.au (Paul Szabo)
Message-Id: <200207040314.g643EWD59979@milan.maths.usyd.edu.au>
To: bugtraq@securityfocus.com, courcoul@campus.qro.itesm.mx
Juan M. Courcoul <courcoul@campus.qro.itesm.mx> wrote:
> Acrobat Reader 5.0.5 on MacOS X does not seem to have this problem. It
> creates or overwrites the file
>
> /Library/Application Support/Adobe/Fonts/AdobeFnt.lst
>
> with the same owner as the user and with group "admin", but with 644
> file permissions. The directory does not have world-writeable permissions.
I am puzzled: how can a "simple" user create that file, when the directory
has no world-writable permissions? How can another user overwrite it, when
the file has 644 permissions? (It would seem that Juan was running as root;
"simple" users may still be vulnerable. I have no Mac to test.)
(See also http://www.securityfocus.com/bid/3225 .)
Cheers,
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
