xPdf integer overflow

P3nfold · 08-02-2003 10:23am #1

Recently my friend's system was comprimised due to the flaw in the xpdf viewer default for Redhat 6.2 through to 8.0. Accordaning to the advisory (which people tend to neglect these days), the flaw allow's a crafted pdf (portable document format) file to run arbitrary code on the system.

Taking for granted that this will only run with the privilages of the user whom opened the docuement, this (and in my friends case) can be a drastic kick in the no no spots to anybody whom operates constantly as root (and many generally do).

Anyway's i shall not ramble about security in general but anybody running the stated releases of RedHat and wishes to fix this issue should go to
ftp://updates.redhat.com/'release.number'/en/os/i386/*

Typedef · 08-02-2003 5:13pm

Originally posted by P3nfold

Taking for granted that this will only run with the privilages of the user whom opened the docuement, this (and in my friends case) can be a drastic kick in the no no spots to anybody whom operates constantly as root (and many generally do).

Anybody who runs X as root deserves everything they get to be honest.

Let nobody say (thou hast not been warned), and all that bumpf.

P3nfold · 08-02-2003 7:24pm

I second that motion, the only time you should be logged in as root is to perform any task that needs to be run while logged in as root. I wouldn't be too enthusiastic idling about on irc as root and using the root accout as a standard user account. But unfortunately people usually do...

xPdf integer overflow

Comments