Puppy Linux Discussion Forum
The real dangers of PDF executable trickery
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

Posted: Sat 10 Apr 2010, 22:45    Post subject: The real dangers of PDF executable trickery

I can't tell from this article if the exploit only works on Adobe pdf readers for Windows.
Quote:
The beauty of Didier’s proof of concept is that he discovered a method to execute an embedded executable within a PDF file without utilizing any JavaScript and without having to exploit any vulnerabilities.
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sun 11 Apr 2010, 00:06

It theoretically works in Linux. It depends on the PDF viewer. From what I understand, most Linux PDF viewers don't support the particular feature that was used. But there is no reason why they couldn't.

Of course, a PDF that was designed to attack a Windows machine would generally be harmless on a Linux machine, and vice versa.


What I don't understand is why PDF even has that feature. It's retarded. Documents don't need to be able to execute commands.

Thanks for posting this, by the way. In my network security class we have to do a number of lab additions where we add a section to the lab assignments. (It's "optional", but required for an A). We've been having bad luck making things work on the lab machines lately. I have a good feeling about this one though. (And we only need this last addition.)

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Sun 11 Apr 2010, 12:39

Pizzasgood wrote:

What I don't understand is why PDF even has that feature. It's retarded. Documents don't need to be able to execute commands.

Don't think of a PDF as a document. Think of it as a container. It's generally used for documents, but can be more broadly applied.

Adobe embeds a variant of JavaScript called ActionScript in PDF viewers, and it's possible to have interactivity rather than a static document. There are PDFs that can serve as "fill in the blanks" forms, where the user can open the PDF and use drop down selection boxes and text entry to fill out an electronic form which can then be submitted back to the originator.

As "rich media" becomes more pervasive, we'll see more of this. I'm waiting for the first ePub exploit.

I'm not as worried about this one as others might be, as it still requires action on the user's part to run the malicious code. (Yes, I know. There are lots of gullible users out there...) I can't do anything about other people's stupidity. I can be careful about what I download and open, and PDFs are on the list of "Only from trusted sources".
______
Dennis
8-bit


Joined: 03 Apr 2007
Posts: 3382
Location: Oregon

Posted: Sun 11 Apr 2010, 13:04

Pizzasgood wrote:
It theoretically works in Linux. It depends on the PDF viewer. From what I understand, most Linux PDF viewers don't support the particular feature that was used. But there is no reason why they couldn't.

Of course, a PDF that was designed to attack a Windows machine would generally be harmless on a Linux machine, and vice versa.


What I don't understand is why PDF even has that feature. It's retarded. Documents don't need to be able to execute commands.

Thanks for posting this, by the way. In my network security class we have to do a number of lab additions where we add a section to the lab assignments. (It's "optional", but required for an A). We've been having bad luck making things work on the lab machines lately. I have a good feeling about this one though. (And we only need this last addition.)


Well, I got a PDF file in Windows from a government agency that was a "fill in the blanks" type.
It would come up with Adobe Reader in IE8 and you would fill it out and then print it. You could not save the completed form.
But there are uses for PDF files with executables.
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sun 11 Apr 2010, 18:57

My point is that most documents don't need to be active, so they could use a static format. An active format with a different extension could be used by only the "documents" that actually need it. That way people would be naturally more paranoid, because before they even click on the file, they would see the icon (and maybe extension) and say, "Wait, that's one of them funny ones. Why does it need to be funny? What's it up to? Do I trust them?"

There should not be a requirement to trust the average document. It is just a document. The only threats it should pose are buffer overflows and boredom. Maybe epileptic seizures.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
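
An added example, not part of any post in this thread: a triage check that separates static PDFs from "active" ones by counting the dictionary keys that trigger actions, including `/Launch`, the PDF action type that starts an external application. The key names come from the PDF specification; the function names and the sample bytes are constructed for illustration.

```python
import re

# PDF dictionary keys that make a document "active" (names from the PDF spec).
ACTIVE_KEYS = {
    b"/Launch": "starts an external application",
    b"/JavaScript": "carries a script",
    b"/JS": "carries a script",
    b"/OpenAction": "runs an action when the document is opened",
    b"/AA": "runs actions on events such as page open",
    b"/EmbeddedFile": "contains an embedded file",
}

# A PDF name: '/' followed by anything except whitespace and delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated /L#61unch is read as /Launch."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Return {key: count} for every active-content key found in raw PDF bytes.

    An empty result is not proof of safety: keys inside compressed object
    streams are invisible to a raw byte scan. A non-empty result means the
    file deserves a closer look before anyone opens it.
    """
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in ACTIVE_KEYS:
            counts[name.decode()] = counts.get(name.decode(), 0) + 1
    return counts


def is_static(data: bytes) -> bool:
    """True when no active-content key was seen in the raw bytes."""
    return not scan_pdf(data)


# Constructed sample fragments (not real documents, no payload).
STATIC_SAMPLE = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
ACTIVE_SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("static", STATIC_SAMPLE), ("active", ACTIVE_SAMPLE)):
        print(label, scan_pdf(sample))
```
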

Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

Posted: Sun 11 Apr 2010, 20:15

DMcCunney wrote:
... I can be careful about what I download and open, and PDFs are on the list of "Only from trusted sources"...

If I understood the article correctly, one thing this "feature" could do is infect every pdf file visible to a computer, without the user's knowledge. If so, then an embedded executable could spread itself quickly throughout a "trusted" pdf repository from just one bad pdf file.
DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Mon 12 Apr 2010, 19:15

Flash wrote:
DMcCunney wrote:
... I can be careful about what I download and open, and PDFs are on the list of "Only from trusted sources"...

If I understood the article correctly, one thing this "feature" could do is infect every pdf file visible to a computer, without the user's knowledge. If so, then an embedded executable could spread itself quickly throughout a "trusted" pdf repository from just one bad pdf file.

Unlikely. Remember, this isn't a "drive by install", like you can get running Internet Explorer in Windows and picking up a malicious Active-X control. The user must open the PDF and agree to the execution of the code. (Though they won't know precisely what they're agreeing to.)

"Trusted repositories" will be Internet facing servers, and probably running Linux. How is this execution supposed to occur?

I treat reports like this in the same way every time I see one, and say "Okay. This is an exploit. How likely is it to actually occur?" Most of them fall into the "Not likely enough for me to lose sleep over it" category until I see something that raises the threat level. I'm not especially worried about this one.
______
Dennis