Security advisory: Xpdf buffer overflow
From KnowledgeTree Community
Security Alert
The KnowledgeTree Stack contains its own Xpdf binary used to extract indexing data from PDF files and is therefore affected by certain Xpdf vulnerabilities.
We have recently been notified of one such vulnerability which may be used to gain remote access to a server. The vulnerability may be exploited by uploading PDF documents containing malicious code.
Affected Versions
All KnowledgeTree Commercial and Open Source releases prior to, and including, 3.5.1.
Impact assessment
Specially crafted PDF files could result in a system compromise.
Workaround
Instructions on how to temporarily disable PDF indexing:
- Open your <Path to KnowledgeTree directory>/config.ini file in a text editor
- Locate the following line:
pdftotext = <Path to KnowledgeTree directory>/common/bin/pdftotext
- Change the line to the following:
;pdftotext = <Path to KnowledgeTree directory>/common/bin/pdftotext
(Add a ; character in front of the line).
- Save and exit.
Note that PDF files will no longer be indexed and will therefore not be searchable.
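One way to script and verify the workaround above on a Unix-like host, as an added example (not KnowledgeTree's own code). The function names are hypothetical and the path to config.ini is supplied by the caller.

```shell
#!/bin/sh
# Added example: apply the advisory's workaround to a KnowledgeTree config.ini
# and confirm that no active pdftotext line remains.
# Usage (after sourcing): disable_pdftotext "<Path to KnowledgeTree directory>/config.ini"

# pdftotext_state FILE -> prints "active", "disabled" or "absent"
pdftotext_state() {
    if grep -Eq '^[[:space:]]*pdftotext[[:space:]]*=' "$1"; then
        echo active            # at least one uncommented pdftotext line
    elif grep -Eq '^[[:space:]]*;[[:space:]]*pdftotext[[:space:]]*=' "$1"; then
        echo disabled          # only commented-out lines remain
    else
        echo absent            # setting not present at all
    fi
}

# disable_pdftotext FILE: prefix every active pdftotext line with ';'.
# Safe to run repeatedly; keeps the previous file as FILE.bak.
disable_pdftotext() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    if [ "$(pdftotext_state "$cfg")" != active ]; then
        return 0               # already disabled or absent: change nothing
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    # Write through cat so config.ini keeps its original owner and mode.
    sed -E 's/^([[:space:]]*)(pdftotext[[:space:]]*=)/\1;\2/' "$cfg.bak" > "$tmp" \
        && cat "$tmp" > "$cfg"
    rm -f "$tmp"
    # Succeed only if the edit really removed every active line.
    [ "$(pdftotext_state "$cfg")" != active ]
}
```

Running `pdftotext_state` on the file after an upgrade or configuration restore shows whether the workaround is still in place.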

