
UNIX PDF Readers Malicious Hyperlinks Vulnerability (CIAC N-107)


                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___

                             INFORMATION BULLETIN

             UNIX PDF readers/viewers Malicious Hyperlinks Vulnerability

June 19, 2003 18:00 GMT                                           Number N-107
[Revised 07 July 03]
[Revised 17 July 03]
PROBLEM:       A vulnerability in various UNIX PDF readers/viewers has been 
               found where remote attackers could embed malicious external-type
               hyperlinks in PDF files allowing access to a victim's system.
               This applies only to PDF readers on UNIX/Linux systems.
               Readers on Windows and Macintosh systems are not vulnerable.
PLATFORM:      - Red Hat Linux versions: 9.0, 8.0, 7.3, 7.2, and 7.1 
               - Sun Linux v5.0 (See Sun's Alert Notification)
               - Sun Solaris    (no patch information yet)
               - HP/UX          (no patch information yet) 
               - AIX            (no patch information yet)
DAMAGE:        If a victim clicks on a malicious hyperlink, an attacker could
               execute arbitrary shell commands with the victim's privileges.
SOLUTIONS:     - Apply vendor patches when available. 
               - Upgrade to Adobe Reader v5.07 or XPDF 2.02 pl1 (open-source 
               - Monitor CERT's Vulnerability Note VU#200132 for updated vendor 
VULNERABILITY  The risk is MEDIUM. This vulnerability is possible because some
ASSESSMENT:    UNIX/Linux PDF readers/viewers spawn external programs to
               handle hyperlinks by invoking the shell command interpreter.
                     Adobe Reader:

Revision History:  
7/7/03  - Added Sun's Alert link.
7/17/03 - Updated Red Hat Advisory for release of 2nd round of updated packages.

[******  Start of Red Hat, Inc. RHSA-2003:196-13 ******]

Updated Xpdf packages fix security vulnerability

Advisory: RHSA-2003:196-13 
Last updated on: 2003-07-17 
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9 
CVEs: CAN-2003-0434


Updated Xpdf packages are available that fix a vulnerability where a
malicious PDF document could run arbitrary code.

[Updated 16 July 2003]
Updated packages are now available, as the original errata packages did not
fix all possible ways of exploiting this vulnerability.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
attacker can embed malicious external-type hyperlinks that, if activated or
followed by a victim, can execute arbitrary shell commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2003-0434
to this issue.

All users of Xpdf are advised to upgrade to these errata packages, which
contain a backported security patch that corrects this issue.

Updated packages:



Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:


This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Bugs fixed:  (see bugzilla for more information)

79680 - xpdf packaging issues


The listed packages are GPG signed by Red Hat, Inc. for security. Our key is 
available at: 
You can verify each package and see who signed it with the following command:

rpm --checksig -v filename 
If you only wish to verify that each package has not been corrupted or tampered 
with, examine only the md5sum with the following command:

md5sum filename 
The Red Hat security contact is More contact details at
Copyright 2002 Red Hat, Inc. All rights reserved.

[******  End of Red Hat, Inc. RHSA-2003:196-13 ******]

CIAC wishes to acknowledge the contributions of Red Hat, Inc. and CERT for the
information contained in this bulletin.

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:
   Anonymous FTP:

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-097: Red Hat Updated Tcpdump Packages
N-098: Microsoft Cumulative Patch for Internet Information Service (IIS)
N-099: Apache 2.0.46 Release Fixes Security Vulnerabilities
N-100: Microsoft Windows Media Services ISAPI Extension Flaw
N-101: Microsoft Cumulative Patch for Internet Explorer (IE)
N-102: Hewlett-Packard Potential Security Vulnerabilities in CDE
N-103: Sun ONE Application Server May Disclose JavaServer Pages (JSP) Source
N-104: Red Hat Updated KDE packages
N-105: Sun "/usr/lib/utmp_update" Command Buffer Overflow Vulnerability
N-106: SGI Websetup/Webmin Security Vulnerability
