PDFs may pose threat to Unix, Linux

A security flaw in commonly distributed file-viewing programs may make it possible for attackers to use Adobe Systems Inc. PDF and PostScript files to run malicious code on machines using the Unix or Linux operating systems, according to an advisory released by technology security company iDefense Inc.

The open source viewing programs, named gv, kghostview and ggv, are used to view PDF and PostScript files and are commonly packaged with popular versions of the Linux operating system, including those by Red Hat Inc. and the Debian Project, as well as common flavors of Unix such as those by Sun Microsystems Inc., according to David Endler, director of technical intelligence at Chantilly, Virginia-based iDefense.

Using a flaw in the file-viewers' program code, an attacker could use a deliberately malformed PostScript or PDF file to cause a buffer overflow in the viewer that would enable code from the attacker to be run.

Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said.

And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.

The vulnerability does not appear to be exploitable when opening PDF and PostScript files from the viewer's interface, according to Endler, so attackers would need to trick users into opening the files using text commands.

While that may seem like a tall task, associating any of the affected readers with an e-mail program may expose users to the vulnerability when opening PDF or PostScript e-mail attachments.

Gv is one of a number of programs that interact with ghostscript, common open source code that enables the contents of Adobe PDF and PostScript files to be viewed. Kghostview and ggv are variations of the gv source code. Other variations include ghostview, mgv, and gsview. It is not known whether those readers contain the buffer overflow vulnerability as well.

Compounding the vulnerability problem is the collaborative nature of software development for Unix and Linux. The gv program was originally authored by Johannes Plass from the Department of Physics at Johannes Gutenberg University in Mainz, Germany. Unfortunately, Plass could not be reached by the security experts who discovered the vulnerability and, as yet, no fix for the vulnerability has been issued, according to the advisory.

Leading Linux and Unix vendors will soon be issuing patches for the vulnerability, according to Endler, who said Red Hat Inc. will have patches for the three affected readers available by next week.

In the meantime, iDefense recommends switching to a PDF and PostScript reader that is not affected by the vulnerability. If using an affected reader, iDefense recommends opening PDF and PostScript files only from the user interface, instead of from the command line.


Paul Roberts

Computerworld