Note: This is an archival copy of Security Sun Alert 200778 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000595.1.
Article ID : 1000595.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

On Sun Linux, an Unauthorized Remote User May be Able to Execute Arbitrary Commands With the "xpdf" User's Privileges

Category
Security

Release Phase
Resolved

Bug Id
4880560

Date of Workaround Release
02-JUL-2003

Date of Resolved Release
04-SEP-2003

On Sun Linux 5.0, a local or remote unprivileged user ...

1.Impact

On Sun Linux 5.0, a local or remote unprivileged user may be able to execute arbitrary commands with the privileges of the "xpdf" user if a local unprivileged user clicks on malicious hyperlinks in specifically crafted PDF documents.

This issue is described in Red Hat Advisory RHSA-2003:196-07, available at https://rhn.redhat.com/errata/RHSA-2003-196.html and CVE CAN-2003-0434, available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0434.


2. Contributing Factors

This issue can occur in the following releases:

Sun Linux

  • Sun Linux 5.0 (LX50) with xpdf-0.92-9 or earlier

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.

Note: The currently installed version of "xpdf" can by displayed be issuing the "rpm -q xpdf" command.


3. Symptoms

There are no reliable symptoms that would show the described issue has been exploited.


4. Workaround

To work around the described issue, revoke access to the "xpdf" application by issuing the following command as a root user: 

    # chmod 000 /usr/bin/xpdf

Once the described issue has been resolved, access rights to to the "xpdf" application can be restored by issuing the following command as a root user: 

    # chmod 755 /usr/bin/xpdf

5. Resolution

This issue is addressed in the following releases:

Sun Linux

  • Sun Linux 5.0 (LX50) with xpdf-0.92-10.i386.rpm or later

Sun Linux patches are available at: http://sunsolve.sun.com/patches/linux/security.html.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Modification History
04-SEP-2003: Resolved.



Product
Sun Linux 5.0























Attachments
This solution has no attachment