PDFs may pose threat to Unix, Linux
- 30 September, 2002 08:00
A security flaw in commonly distributed file-viewing programs may make it possible for attackers to use Adobe Systems Inc. PDF and PostScript files to run malicious code on machines using the Unix or Linux operating systems, according to an advisory released by technology security company iDefense Inc.
The open source viewing programs, named gv, kghostview and ggv, are used to view PDF and PostScript files and are commonly packaged with popular versions of the Linux operating systems including those by RedHat Inc. and the Debian Project, as well as common flavors of Unix such as those by Sun Microsystems Inc., according to David Endler, director of technical intelligence at Chantilly, Virginia-based iDefense.
Using a flaw in the file-viewers' program code, an attacker could use a deliberately malformed PostScript or PDF file to cause a buffer overflow in the viewer that would enable code from the attacker to be run.
Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said.
And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.
The vulnerability does not appear to be exploitable when opening PDF and PostScript files from the viewer's interface, according to Endler, so attackers would need to trick users into opening the files using text commands.
While that may seem like a tall task, associating any of the affected readers with an e-mail program may expose users to the vulnerability when opening PDF or PostScript e-mail attachments.
Gv is one of a number of programs that interact with ghostscript, common open source code that enables the contents of Adobe PDF and PostScript files to be viewed. Kghostview and ggv are variations of the gv source code. Other variations include ghostview, mgv, and gsview. It is not known whether those readers contain the buffer overflow vulnerability as well.
Compounding the vulnerability problem is the collaborative nature of software development for Unix and Linux. The gv program was originally authored by Johannes Plass from the Department of Physics at Johannes Gutenberg University in Mainz, Germany. Unfortunately, Plass could not be reached by the security experts who discovered the vulnerability and, as yet, no fix for the vulnerability has been issued, according to the advisory.
Leading Linux and Unix vendors will soon be issuing patches for the vulnerability, according to Endler. According to Endler, Red Hat Inc. will have patches for the three affected readers available by next week.
In the meantime, iDefense recommends switching to a PDF and PostScript reader that is not affected by the vulnerability. If using an affected reader, iDefense recommends opening PDF and PostScript files only from the user interface, instead of from the command line.