Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

xPdf integer overflow

  • 08-02-2003 9:23am
    #1
    Closed Accounts Posts: 62 ✭✭


    Recently my friend's system was comprimised due to the flaw in the xpdf viewer default for Redhat 6.2 through to 8.0. Accordaning to the advisory (which people tend to neglect these days), the flaw allow's a crafted pdf (portable document format) file to run arbitrary code on the system.

    Taking for granted that this will only run with the privilages of the user whom opened the docuement, this (and in my friends case) can be a drastic kick in the no no spots to anybody whom operates constantly as root (and many generally do).

    Anyway's i shall not ramble about security in general but anybody running the stated releases of RedHat and wishes to fix this issue should go to
    ftp://updates.redhat.com/'release.number'/en/os/i386/*


Comments

  • Closed Accounts Posts: 5,564 ✭✭✭Typedef


    Originally posted by P3nfold

    Taking for granted that this will only run with the privilages of the user whom opened the docuement, this (and in my friends case) can be a drastic kick in the no no spots to anybody whom operates constantly as root (and many generally do).

    Anybody who runs X as root deserves everything they get to be honest.

    Let nobody say (thou hast not been warned), and all that bumpf.


  • Closed Accounts Posts: 62 ✭✭P3nfold


    I second that motion, the only time you should be logged in as root is to perform any task that needs to be run while logged in as root. I wouldn't be too enthusiastic idling about on irc as root and using the root accout as a standard user account. But unfortunately people usually do...


Advertisement