thr3ads.net - Secure testing team - [Secure-testing-team] Bug#641941: xpdf reads the xpdfrc file in the current directory [Sep 2011]

If this information is useful, please help other people find it:
Share via:

Vincent Lefevre

2011-Sep-18 00:45 UTC

[Secure-testing-team] Bug#641941: xpdf reads the xpdfrc file in the current directory

Package: xpdf
Version: 3.03-4
Severity: grave
Tags: security
Justification: user security hole

xpdf reads the xpdfrc in the current directory instead of
/etc/xpdf/xpdfrc. This is sufficient to introduce a security hole
(for instance, urlCommand could be set by the attacker to some
executable he wishes...).

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''testing''), (500, ''stable''), (1,
''experimental'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xpdf depends on:
ii  lesstif2      1:0.95.2-1
ii  libc6         2.13-21   
ii  libgcc1       1:4.6.1-11
ii  libpoppler13  0.16.7-2  
ii  libstdc++6    4.6.1-11  
ii  libx11-6      2:1.4.4-1 
ii  libxt6        1:1.1.1-2 

Versions of packages xpdf recommends:
ii  gsfonts-x11    0.22    
ii  poppler-data   0.4.5-2 
ii  poppler-utils  0.16.7-2

xpdf suggests no packages.

-- no debconf information

Secure testing team - Sep 2011 - Bug#641941: xpdf reads the xpdfrc file in the current directory

[Secure-testing-team] Bug#641941: xpdf reads the xpdfrc file in the current directory