Message-ID: <12011592375.20020719152950@elcomsoft.com>
From: vkatalov at elcomsoft.com (vkatalov@...omsoft.com)
Subject: Vulnerability found: Adobe Acrobat eBook Reader and Content Server

                Product Vulnerability Reporting Form


CONTACT INFORMATION
===============================================================================

 Name                   : Vladimir Katalov
 E-mail                 : info@...omsoft.com
 Phone / fax            : +7 095 216-7937
                          +1 866 448-2703 (fax; US, toll-free)
 Affiliation and address: 2-171 generala Antonova st.
                          Moscow 117279
                          Russia


Have you reported this to the vendor?

  Yes (the vendor has not replied).


TECHNICAL INFO
===============================================================================

Details on the vulnerability
----------------------------

  An eBook (electronic book) is simply a file that contains text and images,
  as in a usual (printed) book, but with additional features such as
  hyperlinks (cross-references), searching capabilities and sometimes
  sounds/music. To read an eBook, you need a PC with the appropriate
  software, or a special hardware device.

  Adobe Content Server (http://www.adobe.com/products/contentserver/) makes it
  easy for you to sell electronic books (eBooks) securely online. Adobe Content
  Server packages and protects eBooks and distributes them in PDF format
  directly from any Web site. Anyone with the free Adobe Acrobat eBook Reader
  (http://www.adobe.com/products/ebookreader/) can purchase your content with
  ease. The technology allows the publisher to enable or disable the following
  consumer permissions: copy text to clipboard, print all or a defined number
  of pages, lending, expiration, and text to speech. When the file is
  encrypted, a special master voucher for its distribution is created. The
  master voucher is a separate, XML-based file that contains an encrypted key
  to the eBook and the set of privileges that accompany it. When a customer
  purchases an Adobe PDF eBook directly from an e-commerce site, it is
  automatically downloaded into the customer's personal Acrobat eBook Reader
  library for immediate viewing. Acrobat eBook Reader unlocks the encrypted key
  that came with the eBook and its master voucher. Now the eBook is tied to the
  customer's Acrobat eBook Reader and can't be transmitted elsewhere unless
  lending or gifting permission has been enabled.

  The voucher also contains permissions (given by the publisher) for all the
  books: whether or not you can print and copy portions of a book; the publisher
  may allow you to print only a limited number of pages or to copy a limited
  number of selections in a given time period. The Acrobat eBook Reader keeps
  track of your printing and copying. When you print or copy, a dialog box tells
  you how much printing or copying you have done and asks whether you want to
  proceed. In addition, if the publisher allows, you can give or lend the book to
  someone else.

  1. Copy/print: if printing and/or copying is allowed, but limited (the typical
     limitation is: you can print 10 pages in 10 days, or copy 10 portions of
     the text to the Clipboard in 10 days), these limitations can be defeated.
     Just create backup copies of the following files from the Adobe Acrobat
     eBook Reader folder:

     Data\Vouchers\*.*
     Data\GB.dbd
     Data\Category.etb
     Data\Library*.etb
     Data\Library*.vld

     After copying or printing in Adobe Acrobat eBook Reader, just restore these
     files from the backup, and the copy/print limitations will be back to the
     status as if you had not copied or printed anything at all.

  2. Lend/give: if these operations are allowed by the publisher, you can
     back up the above-mentioned files, perform Lend/Give, and restore the
     files. The book(s) will remain in your library, while the recipient
     (the person you gave the book to) will also have a copy.

The impact of this vulnerability
--------------------------------

  With [1], the owner of the book can copy/print an unlimited number of
  portions of the book, ignoring the limitations set by the publisher.

  With [2], it is possible to create multiple copies (as many as you want) of
  any book for which the 'Give' function is enabled: make the backup; give the
  book to someone else through the network or IR port; restore from the
  backup; give it to the next recipient, etc.


Systems and/or configurations that are vulnerable
-------------------------------------------------

  All versions of Adobe Content Server, and at least the Windows version of
  Adobe Acrobat eBook Reader.


Workarounds and/or fixes for this vulnerability
-----------------------------------------------

  Not available. Though it is not very hard to implement a workaround by
  keeping and validating a checksum or digital signature of the whole
  vouchers file (not only of individual vouchers). For that, however,
  both Adobe Acrobat eBook Reader and Adobe Content Server would need to
  be seriously updated.
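
A defensive sketch of the whole-store check the workaround describes, added
here as an example and not code from the advisory or from Adobe. It binds every
voucher and a monotonic version number into one HMAC and compares that against
a committed reference, and it assumes the reference is held somewhere the user
cannot restore from backup (for instance at the Content Server), since a digest
stored beside the voucher files would simply be restored along with them; the
key, the ledger and the book data are constructed for the example.

```python
import copy
import hashlib
import hmac
import json

# Constructed reader-side secret; not a value from the advisory or from Adobe.
READER_KEY = b"example-reader-key"

def store_digest(vouchers, version):
    """HMAC over the entire voucher store plus a monotonic version number,
    so every voucher and the store's age are bound together."""
    canon = json.dumps({"version": version, "vouchers": vouchers}, sort_keys=True)
    return hmac.new(READER_KEY, canon.encode(), hashlib.sha256).hexdigest()

def commit(vouchers, version, ledger):
    """Record the digest in a ledger the user cannot restore from backup
    (assumed: e.g. kept by the Content Server, not under the reader's Data folder)."""
    ledger["version"], ledger["digest"] = version, store_digest(vouchers, version)

def check_store(vouchers, version, ledger):
    """True only if the on-disk store is the one that was last committed."""
    if version != ledger.get("version"):
        return False            # restored (older) or edited version number
    return hmac.compare_digest(store_digest(vouchers, version), ledger["digest"])

def print_pages(vouchers, version, ledger, book, pages):
    """Consume print allowance, then commit the new whole-store state."""
    if not check_store(vouchers, version, ledger):
        raise RuntimeError("voucher store failed integrity check")
    if vouchers[book]["print_remaining"] < pages:
        raise PermissionError("print allowance exhausted")
    vouchers[book]["print_remaining"] -= pages
    commit(vouchers, version + 1, ledger)
    return version + 1

def rollback_scenario():
    """Constructed walkthrough of the advisory's backup/restore trick against the
    hardened check. Returns (pages left after printing, check result after restore)."""
    vouchers = {"book-1": {"print_remaining": 10}}
    version, ledger = 0, {}
    commit(vouchers, version, ledger)
    backup = (copy.deepcopy(vouchers), version)      # backup of the Data files
    version = print_pages(vouchers, version, ledger, "book-1", 10)
    left = vouchers["book-1"]["print_remaining"]
    old_vouchers, old_version = backup               # restore the files
    return left, check_store(old_vouchers, old_version, ledger)
```

With per-voucher signatures alone the restored files would still verify; the
whole-store digest plus the externally held version is what turns the restore
into a detectable rollback.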
