[j-nsp] Security bugs in documentation

Bjørn Mork bjorn at mork.no
Tue Oct 30 05:21:16 EDT 2012


Yes, documentation itself maybe be a security risk...

I am more than a bit pissed after attemting to view

http://www.juniper.net/techpubs/en_US/junos12.2/information-products/topic-collections/config-guide-firewall-filter/config-guide-firewall-policer.pdf

Using an open source viewer, all I see in that document is a single page
displaying

 "For the best experience, open this PDF portfolio in
  Acrobat 9 or Adobe Reader 9, or later."

and a link to "Get Adobe Reader Now!".  And sure enough, inspecting the
pdf shows that it is a 5MB single page document:


bjorn at nemi:~/tmp$ pdfinfo config-guide-firewall-policer.pdf 
Title:           Firewall Filter and Policer Configuration Guide
Author:         Juniper Networks
Creator:        Adobe Acrobat Pro 9.3.0
Producer:       Adobe Acrobat Pro 9.3.0
CreationDate:   Fri Jul  6 16:05:23 2012
ModDate:        Fri Jul  6 16:07:53 2012
Tagged:         yes
Pages:          1
Encrypted:      no
Page size:      504 x 360 pts
File size:      5257154 bytes
Optimized:      no
PDF version:    1.7



Yes, I understand what is going on here and I DO NOT APPROVE.  I
considere the above a malicious attempt to force me to use software I do
not want to use.  It is no better than any other phishing attemt.  I was
wondering if I should open a case with JTAC for this, but I fear that
would only be ignored.  This really deserves public humiliation.

So, please Juniper and others: Do not use any Abobe program ever.  They
are deliberately buggy like demonstrated above, creating faulty
documents which can only be read by their own buggy readers.

If you continue distributing your documentation infected by the Adobe
phishing virus, then I will have to manage without your documentation.
That's a pity, because I think it will make it very diffcult for me to
work with any Juniper equipment.  I am sure you can figure out where
that is going to end.



Bjørn



More information about the juniper-nsp mailing list