An anonymous member of a security mailing list on Friday posted an advisory that was taken from the CERT Coordination Center. The advisory, which concerns a flaw in some Adobe PDF file readers, is in the format of a submission from a researcher to CERT, not that of a bulletin from CERT to the general public.
This researcher, who goes by the handle Hack4life, on several previous occasions has posted CERT bulletins before the center was ready to release them. In each case, including Fridays posting, the bulletins have appeared on the Full Disclosure mailing list.
Officials at CERT, based at Carnegie Mellon University in Pittsburgh, said the information in Hack4lifes posting came from a communication that the center sent to the vendors, who get early notice of new vulnerabilities. This was also the case with the earlier postings Hack4life made.
“We still at this point dont know which vendor it is [whos leaking the information],” said Jeffrey Carpenter, manager of CERT.
In the most recent posting, Hack4life includes a few clues about his identity, although its impossible to tell whether theyre real, Carpenter said.
“OK, so Ive been a bit quiet recently, what with college and exams. But the semesters nearly over now so Ill have plenty of time to keep you all up to date with what those fools at CERT are up to once college is finished,” he writes in the posting.
CERT had plans to release its advisory on the PDF reader issue June 23, according to Hack4lifes posting, but Carpenter said no decision has been made on a release date. “Were getting back in contact with the vendors, as we would with any vulnerability that was leaked to the public,” he said.
The vulnerability appears in Adobe Systems Inc.s Acrobat Reader and a handful of other similar programs and enables a local user to gain root privileges. The flaw allows attackers to execute shell commands on vulnerable machines by embedding them in PDF documents. The vulnerability affects readers on most Unix-based operating systems, according to the submission to CERT.