Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200408-14
HistoryAug 15, 2004 - 12:00 a.m.

acroread: UUDecode filename buffer overflow

2004-08-1500:00:00
Gentoo Foundation
security.gentoo.org
9

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.137 Low

EPSS

Percentile

95.7%

JSON

Background

acroread is Adobe’s Acrobat PDF reader for Linux.

Description

acroread contains two errors in the handling of UUEncoded filenames. First, it fails to check the length of a filename before copying it into a fixed size buffer and, secondly, it fails to check for the backtick shell metacharacter in the filename before executing a command with a shell.

Impact

By enticing a user to open a PDF with a specially crafted filename, an attacker could execute arbitrary code or programs with the permissions of the user running acroread.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of acroread.

Resolution

All acroread users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=app-text/acroread-5.09"
 # emerge ">=app-text/acroread-5.09"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-text/acroread<= 5.08UNKNOWN

Related

nessus 3
redhat 1
openvas 4
cve 2
checkpoint_advisories 1
securityvulns 1
cvelist 2
nvd 2
freebsd 1
nessus
nessus
RHEL 3 : acroread (RHSA-2004:432)
2004-08-26 00:00:00
GLSA-200408-14 : acroread: UUDecode filename buffer overflow
2004-08-30 00:00:00
FreeBSD : acroread uudecoder input validation error (78348ea2-ec91-11d8-b913-000c41e2cdad)
2004-08-12 00:00:00
redhat
redhat
(RHSA-2004:432) acroread security update
2004-08-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200408-14 (acroread)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200408-14 (acroread)
2008-09-24 00:00:00
FreeBSD Ports: acroread, acroread4, acroread5
2008-09-04 00:00:00
cve
cve
CVE-2004-0631
2004-08-18 04:00:00
CVE-2004-0630
2004-08-18 04:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution (CVE-2004-0630)
2009-11-03 00:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 08.12.04a: Adobe Acrobat Reader &#40;Unix&#41; Shell Metacharacter Code Execution Vulnerability
2004-08-17 00:00:00
cvelist
cvelist
CVE-2004-0630
2004-08-14 04:00:00
CVE-2004-0631
2004-08-14 04:00:00
nvd
nvd
CVE-2004-0630
2004-08-18 04:00:00
CVE-2004-0631
2004-08-18 04:00:00
freebsd
freebsd
acroread uudecoder input validation error
2004-08-12 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.137 Low

EPSS

Percentile

95.7%

JSON
Related for GLSA-200408-14
nessus3redhat1openvas4cve2checkpoint_advisories1securityvulns1cvelist2nvd2freebsd1