‘The Adobe eBook Library’s Multiple Vulnerabilities’

Summary

‘Adobe Systems Incorporated recently opened a special web site to demonstrate the new library features of Adobe Content Server. According to Adobe, ‘The Adobe eBook Library uses Adobe Content Server as a secure repository for the eBooks’. This is contrary to what vulnerabilities have been found in the product. The vulnerabilities range from loaning of content multiple times, loaning the content to an extended period (more than it is been intended) and loaning of content even if its not available (the loans counter will become negative).’

Credit:

‘The information has been provided by Vladimir Katalov.’


Details

‘1. It is possible to get all available copies of any book — Adobe Acrobat eBook Reader does not check if you have borrowed the given book already.

2. The loan period (one or three days) is not verified. It is implemented in the script using the following

      <FORM id=form2 name=’form2′ ACTION=’http://librarydemo.adobe.com/library/download.asp’ METHOD=’POST’>
        <INPUT type=hidden value=133 name=bookid>
        <INPUT type=radio CHECKED value=1440 name=loanMin> Borrow for 1 day <BR>
        <INPUT type=radio value=4320 name=loanMin> Borrow for 3 days <BR>

The value of loanMin is the loan period in minutes (1440 for one day, and 4320 for three days). It is possible to save the form to the local disk, change one of the values to the one you need (i.e. 525600 for one year), load the updated form into the browser, and by pressing the ‘Add to bookbag’ button borrow this book for the selected (‘fake’) period.

3. When the book counter reaches zero, the user can see a note near the book description:

      There are currently none available.
      Please check back later.

However, the ‘Add to bookbag’ button is still available and working just fine, i.e. it is still possible to get another copy (copies) of the book. In addition, the ‘Number of Books’ counter (on the library page) becomes negative.

Impact:
By combining bugs [1] and [2], it is very easy to implement something like ‘Denial-of-service’ attack for the library: just get all copies of all books from the library (for very large period — e.g. a few years). Therefore, no books will be available to anybody else.’

Categories: News