[<prev] [next>] [day] [month] [year] [list]
Message-ID: <12011592375.20020719152950@elcomsoft.com>
From: vkatalov at elcomsoft.com (vkatalov@...omsoft.com)
Subject: Vulnerability found: Adobe Acrobat eBook Reader and Content Server
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
Product Vulnerability Reporting Form
CONTACT INFORMATION
===============================================================================
Name : Vladimir Katalov
E-mail : info@...omsoft.com
Phone / fax : +7 095 216-7937
+1 866 448-2703 (fax; US, toll-free)
Affiliation and address: 2-171 generala Antonova st.
Moscow 117279
Russia
Have you reported this to the vendor?
Yes (the vendor has not replied).
TECHNICAL INFO
===============================================================================
Details on the vulnerability
- ----------------------------
An eBook (electronic book) is simply a file that contains text and images
- as in usual (printed) book, but with additional features such as
hyperlinks (cross-references), searching capabilities and sometimes
sounds/music. To read an eBook, you should have a PC with an appropriate
software, or a special hardware device.
Adobe Content Server (http://www.adobe.com/products/contentserver/) makes it
easy for you to sell electronic books (eBooks) securely online. Adobe Content
Server packages and protects eBooks and distributes them in PDF format
directly from any Web site. Anyone with the free Adobe Acrobat eBook Reader
(http://www.adobe.com/products/ebookreader/) can purchase your content with
ease. That technology allows to enable or disable the following consumer
permissions: copy text to clipboard, print all or a defined number of pages,
lending, expiration, and text to speech. When the file is encrypted, special
master voucher for its distribution is being created. The master voucher is
a separate, XML-based file that contains an encrypted key to the eBook and
the set of privileges that accompany it. When a customer purchases an Adobe
PDF eBook directly from an e-commerce site, it's automatically downloaded
into the customer's personal Acrobat eBook Reader library for immediate
viewing. Acrobat eBook Reader unlocks the encrypted key that came with the
eBook and its master voucher. Now the eBook is tied to the customer's Acrobat
eBook Reader and can't be transmitted elsewhere unless lending or gifting
permission has been enabled.
The voucher also contains permissions (given by the publisher) for all the
books: whether or not you can print and copy portions of a book; the publisher
may allow you to print only a limited number of pages or to copy a limited
number of selections in a given time period. The Acrobat eBook Reader keeps
track of your printing and copying. When you print or copy, a dialog box tells
you how much printing or copying you have done and asks whether you want to
proceed. In addition, if the publisher allows, you can give or lend the book to
someone else.
1. Copy/print: if printing and/or copying is allowed, but limited (the typical
limitation is: you can print 10 pages in 10 days, or copy 10 portions of
the text to the Clipboard in 10 days), these limitations can be defeated.
Just create backup copies of the following files from Adobe Acrobat eBook
Reader folder:
Data\Vouchers\*.*
Data\GB.dbd
Data\Category.etb
Data\Library*.etb
Data\Library*.vld
After copying or printing in Adobe Acrobat eBook Reader, just restore these
files from backup, and copy/print limitations will be back to the status as
if you have not copied or printed anything at all.
2. Lend/give: if these operations are allowed by the publisher, you can
backup the above mentioned files, perform Lend/Give, and restore the
files. The book(s) will remain in your lirbary, while the recipient
(you gave the book to) will also have a copy.
The impact of this vulnerability
- --------------------------------
With [1], the owner of the book can copy/print unlimited number of portions
of the book, ignoring the limitations set by the publisher.
With [2], it is possible to create multiple copies (as many as you want) of
any book (the 'Give' function is enabled for): make the backup; give it to
someone else through network or IR port; restore from backup; give to the
next recipient etc.
Systems and/or configurations that are vulnerable
- -------------------------------------------------
All versions of Adobe Content Server, and at least Windows version of
Adobe Acrobat eBook Reader.
Workarounds and/or fixes for this vulnerability
- -----------------------------------------------
Not available. Though it is not very hard to implement a workaround by
keeping and validating the checksum or digital singnature of the whole
vouchers file (not only individual vouchers). For that, however,
both Adobe Acrobat eBook Reader and Adobe Content Server should
be seriously upated.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQEVAwUAPTfsT4avf/iY3ldlAQEDtQgAn7NNvstQnqRs761Q0SNIo7SgSEO9V0Gn
oSzuAFyBQHlqpnDBRSpBowKfjcnPOANzXBiaXsJ4ebzRHVxLFatGdg+MCFRujF3d
sUGQf3dM7V1rgNY7sjStsLsraJ0Ku+JSi4Ol4hQH19upmFXki0BnRMPjoGlxumr7
Ii+TSL0F4/Z8zcLtfl6PyAkGc0vKMNrYhWVZp/fc9GMRiI62MU0mZ2utHiuxF7JO
gaQP0q5nFr40WTL1SIVfI4+YnLaErs5Sq4PVsn+7MgcoFGvjI6i8FxVT6Yj7BlWe
BszoBYcm3jNiQ2uay9QhKAMNG+wXsyyJytpS/NeQhnv/MuuRZ+G4qQ==
=Yll/
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists