Alerts This Week
Warning Icon 1 872
Alerts This Week
Warning Icon 1 872

Gentoo Linux: 200306-11 Critical: xpdf Remote Code Execution Threat

gentoo
Calendar Grey June 27, 2003
Dist Gentoo Esm H88
Gentoo releases a security announcement concerning flaws in xpdf, potentially granting the execution of arbitrary code via specially designed PDF hyperlinks. Key information condensed.
Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-11


from advisory: 
"Valid PDF files can contain malicious external-type hyperlinks that can 
execute arbitrary shell commands underneath Unix with various PDF 
viewers/readers.

The hyperlinks must be activated or followed for the malicious script 
to run.  The obvious case is for a user to click on one. "

Read the full advisory at 
http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/xpdf upgrade to xpdf-2.02.1 as follows

emerge sync
emerge xpdf
emerge clean

aliz@gentoo.org - GnuPG key is available at

Topics%20covered

Topics Covered

security advisory arbitrary code execution remote threat gentoo linux pdf exploitation

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : xpdf
SUMMARY : arbitrary code execution
DATE : 2003-06-25 21:48 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =xpdf-2.02.1
CVE : CAN-2003-0434

Topics%20covered

Topics Covered

security advisory arbitrary code execution remote threat gentoo linux pdf exploitation

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here