Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks
2003-06-18T00:00:00
ID VU:200132 Type cert Reporter CERT Modified 2003-09-26T00:00:00
Description
Overview
A vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system.
Description
Adobe Systems Incorporated describes PDF (Portable Document Format) as "a universal file format that preserves the fonts, images, graphics, and layout of any source document, regardless of the application and platform used to create it." A viewer such as Adobe Reader or Xpdf is needed to view a document encoded in PDF. Various PDF viewers are widely deployed on the Internet. Quoting from the Adobe Systems Incorporated web site:
Governments and enterprises around the world have adopted PDF to streamline document management, increase productivity, and reduce reliance on paper....An open file format specification, PDF is available to anyone who wants to develop tools to create, view, or manipulate PDF documents. Indeed, more than 1,800 vendors offer PDF-based solutions, ensuring that organizations that adopt the PDF standard have a variety of tools to leverage the Portable Document Format and to customize document processes.
When a victim clicks on a hyperlink contained within a malicious PDF file, an attacker may be able to execute arbitrary commands with the privileges of the victim. This is possible because some UNIX and Linux PDF readers/viewers spawn external programs to handle hyperlinks by invoking the shell command interpreter.
Impact
A remote attacker may be able to execute arbitrary commands with the privileges of the victim.
Solution
Apply a patch when available.
Systems Affected
Vendor| Status| Date Notified| Date Updated
---|---|---|---
Adobe Systems Incorporated| | 08 May 2003| 18 Jun 2003
Conectiva| | 15 May 2003| 22 Sep 2003
Debian| | 15 May 2003| 19 May 2003
MandrakeSoft| | 15 May 2003| 14 Jul 2003
Red Hat Inc.| | 15 May 2003| 19 Jun 2003
Sun Microsystems Inc.| | 15 May 2003| 17 Jun 2003
Xpdf| | 20 May 2003| 17 Jun 2003
Apple Computer Inc.| | -| 18 Jun 2003
Fujitsu| | 15 May 2003| 08 Aug 2003
Hitachi| | 15 May 2003| 18 Jun 2003
Ingrian Networks| | 15 May 2003| 23 May 2003
Microsoft Corporation| | 15 May 2003| 19 May 2003
NEC Corporation| | 15 May 2003| 16 Jun 2003
Nortel Networks| | 15 May 2003| 14 Jul 2003
Xerox Corporation| | 15 May 2003| 14 Jul 2003
If you are a vendor and your product is affected, let us know.
{"enchantments": {"vulnersScore": 7.5}, "reporter": "CERT", "id": "VU:200132", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "published": "2003-06-18T00:00:00", "history": [], "description": "### Overview\n\nA vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system.\n\n### Description\n\nAdobe Systems Incorporated [_describes_](<http://www.adobe.com/products/acrobat/adobepdf.html>) PDF (Portable Document Format) as \"a universal file format that preserves the fonts, images, graphics, and layout of any source document, regardless of the application and platform used to create it.\" A viewer such as [_Adobe Reader_](<http://www.adobe.com/products/acrobat/readermain.html>) or [_Xpdf_](<http://www.foolabs.com/xpdf/about.html>) is needed to view a document encoded in PDF[](<http://www.foolabs.com/xpdf/about.html>). Various PDF viewers are widely deployed on the Internet. Quoting from the Adobe Systems Incorporated [_web site_](<http://www.adobe.com/products/acrobat/adobepdf.html>): \n\nGovernments and enterprises around the world have adopted PDF to streamline document management, increase productivity, and reduce reliance on paper....An open file format specification, PDF is available to anyone who wants to develop tools to create, view, or manipulate PDF documents. Indeed, more than 1,800 vendors offer PDF-based solutions, ensuring that organizations that adopt the PDF standard have a variety of tools to leverage the Portable Document Format and to customize document processes. \n\n\nWhen a victim clicks on a hyperlink contained within a malicious PDF file, an attacker may be able to execute arbitrary commands with the privileges of the victim. This is possible because some UNIX and Linux PDF readers/viewers spawn external programs to handle hyperlinks by invoking the shell command interpreter. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary commands with the privileges of the victim. \n \n--- \n \n### Solution\n\nApply a patch when available. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nAdobe Systems Incorporated| | 08 May 2003| 18 Jun 2003 \nConectiva| | 15 May 2003| 22 Sep 2003 \nDebian| | 15 May 2003| 19 May 2003 \nMandrakeSoft| | 15 May 2003| 14 Jul 2003 \nRed Hat Inc.| | 15 May 2003| 19 Jun 2003 \nSun Microsystems Inc.| | 15 May 2003| 17 Jun 2003 \nXpdf| | 20 May 2003| 17 Jun 2003 \nApple Computer Inc.| | -| 18 Jun 2003 \nFujitsu| | 15 May 2003| 08 Aug 2003 \nHitachi| | 15 May 2003| 18 Jun 2003 \nIngrian Networks| | 15 May 2003| 23 May 2003 \nMicrosoft Corporation| | 15 May 2003| 19 May 2003 \nNEC Corporation| | 15 May 2003| 16 Jun 2003 \nNortel Networks| | 15 May 2003| 14 Jul 2003 \nXerox Corporation| | 15 May 2003| 14 Jul 2003 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23200132 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.adobe.com/products/acrobat/adobepdf.html>\n * <http://www.adobe.com/products/acrobat/readermain.html>\n * <http://www.foolabs.com/xpdf/about.html>\n * <http://www.secunia.com/advisories/9037/>\n * <http://www.secunia.com/advisories/9038/>\n\n### Credit\n\nThis vulnerability was discovered by Martyn Gilmore. The CERT/CC thanks Martyn, Adobe, and the folks responsible for the Xpdf project.\n\nThis document was written by Ian A Finlay.\n\n### Other Information\n\n * CVE IDs: [CAN-2003-0434](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0434>)\n * Date Public: 13 Jun 2003\n * Date First Published: 18 Jun 2003\n * Date Last Updated: 26 Sep 2003\n * Severity Metric: 37.97\n * Document Revision: 26\n\n", "bulletinFamily": "info", "viewCount": 0, "cvelist": ["CVE-2003-0434", "CVE-2003-0434"], "type": "cert", "hash": "225f287b828ea3428dbbabbed1c653ad40c6858eee843634e541bb733d930d51", "references": ["http://www.secunia.com/advisories/9037/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0434", "http://www.foolabs.com/xpdf/about.html", "http://www.foolabs.com/xpdf/about.html", "http://www.foolabs.com/xpdf/about.html", "http://www.adobe.com/products/acrobat/readermain.html", "http://www.adobe.com/products/acrobat/readermain.html", "http://www.adobe.com/products/acrobat/adobepdf.html", "http://www.adobe.com/products/acrobat/adobepdf.html", "http://www.adobe.com/products/acrobat/adobepdf.html", "http://www.secunia.com/advisories/9038/"], "title": "Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks", "href": "https://www.kb.cert.org/vuls/id/200132", "lastseen": "2016-02-03T09:12:23", "edition": 1, "objectVersion": "1.2", "modified": "2003-09-26T00:00:00"}
{"result": {"cve": [{"id": "CVE-2003-0434", "type": "cve", "title": "CVE-2003-0434", "description": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.", "published": "2003-07-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0434", "cvelist": ["CVE-2003-0434"], "lastseen": "2017-10-11T11:05:49"}], "exploitdb": [{"id": "EDB-ID:22771", "type": "exploitdb", "title": "Adobe Acrobat Reader UNIX 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution", "description": "Adobe Acrobat Reader (UNIX) 5.0 6,Xpdf 0.9x Hyperlinks Arbitrary Command Execution. CVE-2003-0434. Remote exploit for linux platform", "published": "2003-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22771/", "cvelist": ["CVE-2003-0434"], "lastseen": "2016-02-02T19:29:59"}], "redhat": [{"id": "RHSA-2003:197", "type": "redhat", "title": "(RHSA-2003:197) xpdf security update", "description": "Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers. An\nattacker can embed malicious external-type hyperlinks that if activated or\nfollowed by a victim can execute arbitrary shell commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these errata packages, which\ncontain a patch correcting this issue.", "published": "2003-06-18T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2003:197", "cvelist": ["CVE-2003-0434"], "lastseen": "2018-03-28T01:00:56"}], "nessus": [{"id": "REDHAT-RHSA-2003-197.NASL", "type": "nessus", "title": "RHEL 2.1 : xpdf (RHSA-2003:197)", "description": "Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code.\n\n[Updated 21 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF) files.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers.\nAn attacker can embed malicious external-type hyperlinks that if activated or followed by a victim can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these errata packages, which contain a patch correcting this issue.", "published": "2004-07-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12402", "cvelist": ["CVE-2003-0434"], "lastseen": "2017-10-29T13:45:17"}, {"id": "MANDRAKE_MDKSA-2003-071.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : xpdf (MDKSA-2003:071-1)", "description": "Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document.\n\nUpdate :\n\nNew packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue.", "published": "2004-07-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14054", "cvelist": ["CVE-2003-0434"], "lastseen": "2017-10-29T13:39:53"}], "osvdb": [{"id": "OSVDB:9293", "type": "osvdb", "title": "Multiple PDF Viewers Embedded Hyperlink Shell Metacharacter Command Execution", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.adobe.com/\nSecurity Tracker: 1006989\nSecurity Tracker: 1006988\nRedHat RHSA: RHSA-2003:197\nISS X-Force ID: 12323\n[CVE-2003-0434](https://vulners.com/cve/CVE-2003-0434)\nCIAC Advisory: n-107\nCERT VU: 200132\nBugtraq ID: 7912\n", "published": "2003-06-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:9293", "cvelist": ["CVE-2003-0434"], "lastseen": "2017-04-28T13:20:04"}]}}
