PDFs may pose threat to Unix, Linux

A security flaw in commonly distributed file-viewing programs may make it possible for attackers to use Adobe Systems Inc. PDF and PostScript files to run malicious code on machines using the Unix or Linux operating systems, according to an advisory released by technology security company iDefense Inc.

The open source viewing programs, named gv, kghostview and ggv, are used to view PDF and PostScript files and are commonly packaged with popular Linux distributions, including those from Red Hat Inc. and the Debian Project, as well as common flavors of Unix such as those from Sun Microsystems Inc., according to David Endler, director of technical intelligence at Chantilly, Virginia-based iDefense.

By exploiting a flaw in the viewers' parsing code, an attacker could craft a deliberately malformed PostScript or PDF file that causes a buffer overflow in the viewer, allowing code supplied by the attacker to run.
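The class of bug the advisory describes, as an added illustration that is not the page's own material and not gv's source code: a PostScript DSC header comment such as "%%Title:" is copied into a fixed-size stack buffer with no length check, so a file carrying an over-long value overruns the buffer. The bounded version beside it refuses values that do not fit. The key name, buffer size, function names and both input lines are hypothetical, constructed for the example.

```c
/* Added example (not gv's code): a PostScript DSC header-comment parser in
 * the vulnerable style described above, beside a bounded version.
 * Key name, buffer size and function names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define DSC_VALUE_MAX 64   /* hypothetical fixed-size destination buffer */

/* Vulnerable pattern: the comment value is copied into a fixed-size stack
 * buffer with an unbounded "%s" conversion. A value longer than the buffer
 * overwrites whatever follows it on the stack. Shown for contrast only;
 * nothing in this file calls it. */
void parse_title_unsafe(const char *line)
{
    char title[DSC_VALUE_MAX];
    if (sscanf(line, "%%%%Title: %s", title) == 1)   /* "%%" matches a literal '%' */
        printf("title: %s\n", title);
}

/* Bounded version: copies the value following `key` (e.g. "%%Title:") on a
 * DSC comment line into out[outsz]. Returns 0 on success, -1 if the line
 * does not start with that key, -2 if the value would not fit. An over-long
 * value is rejected outright rather than silently truncated, so the caller
 * can treat the file as malformed. */
int parse_dsc_value(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0)
        return -1;
    const char *p = line + klen;
    while (*p == ' ' || *p == '\t')      /* skip whitespace after the key */
        p++;
    size_t vlen = strcspn(p, "\r\n");    /* value runs to end of line */
    if (vlen >= outsz)                   /* leave room for the terminator */
        return -2;
    memcpy(out, p, vlen);
    out[vlen] = '\0';
    return 0;
}

/* Constructed benign header line: parses and yields the title. */
int demo_benign(void)
{
    char out[DSC_VALUE_MAX];
    int rc = parse_dsc_value("%%Title: quarterly-report.ps\n", "%%Title:",
                             out, sizeof out);
    return rc == 0 && strcmp(out, "quarterly-report.ps") == 0;
}

/* Constructed malicious header line: "%%Title: " followed by several
 * hundred 'A's, far beyond DSC_VALUE_MAX. The bounded parser rejects it
 * and writes nothing to the destination. */
int demo_overlong(void)
{
    char line[512];
    char out[DSC_VALUE_MAX];
    memset(line, 'A', sizeof line - 1);
    line[sizeof line - 1] = '\0';
    memcpy(line, "%%Title: ", 9);
    memset(out, 0, sizeof out);
    int rc = parse_dsc_value(line, "%%Title:", out, sizeof out);
    return rc == -2 && out[0] == '\0';
}

int main(void)
{
    printf("benign line parsed: %s\n", demo_benign() ? "yes" : "no");
    printf("over-long value rejected: %s\n", demo_overlong() ? "yes" : "no");
    return 0;
}
```

The same over-long line handed to parse_title_unsafe would run past the 64-byte title buffer; a width-limited conversion such as "%63s" would stop the overflow but silently truncate, which is why the bounded version reports the condition instead.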

Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said.

And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.

The vulnerability does not appear to be exploitable when opening PDF and PostScript files from the viewer's interface, according to Endler, so attackers would need to trick users into opening the files from the command line.

While that may seem like a tall task, mail clients typically hand an attachment to an external viewer by running that viewer with the saved file as a command-line argument, so associating any of the affected readers with an e-mail program may expose users to the vulnerability simply by opening a PDF or PostScript attachment.

Gv is one of a number of front ends for Ghostscript, the widely used open source interpreter that renders Adobe PDF and PostScript files. Kghostview and ggv are derived from the gv source code. Other derivatives include ghostview, mgv and gsview. Whether those readers share the buffer overflow vulnerability is not known.

Compounding the vulnerability problem is the collaborative nature of software development for Unix and Linux. The gv program was originally authored by Johannes Plass from the Department of Physics at Johannes Gutenberg University in Mainz, Germany. Unfortunately, Plass could not be reached by the security experts who discovered the vulnerability and, as yet, no fix for the vulnerability has been issued, according to the advisory.

Leading Linux and Unix vendors will soon issue patches for the vulnerability, Endler said; Red Hat Inc. expects to have patches for the three affected readers available by next week.

In the meantime, iDefense recommends switching to a PDF and PostScript reader that is not affected by the vulnerability. If using an affected reader, iDefense recommends opening PDF and PostScript files only from the user interface, instead of from the command line.


Paul Roberts

Computerworld