Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2008-0974.NASL
HistoryAug 24, 2009 - 12:00 a.m.

RHEL 3 / 4 / 5 : acroread (RHSA-2008:0974)

2009-08-2400:00:00
This script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader.
(CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815)

All acroread users are advised to upgrade to these updated packages, that contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2008:0974. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40730);
  script_version("1.36");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/28");

  script_cve_id(
    "CVE-2008-2549",
    "CVE-2008-2992",
    "CVE-2008-4812",
    "CVE-2008-4813",
    "CVE-2008-4814",
    "CVE-2008-4815",
    "CVE-2008-4817",
    "CVE-2009-0927"
  );
  script_bugtraq_id(29420, 32100, 32105);
  script_xref(name:"RHSA", value:"2008:0974");
  script_xref(name:"TRA", value:"TRA-2009-01");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");

  script_name(english:"RHEL 3 / 4 / 5 : acroread (RHSA-2008:0974)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Adobe Reader allows users to view and print documents in Portable
Document Format (PDF).

Several input validation flaws were discovered in Adobe Reader. A
malicious PDF file could cause Adobe Reader to crash or, potentially,
execute arbitrary code as the user running Adobe Reader.
(CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813,
CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime
library search path) set in the ELF (Executable and Linking Format)
header. A local attacker able to convince another user to run Adobe
Reader in an attacker-controlled directory could run arbitrary code
with the privileges of the victim. (CVE-2008-4815)

All acroread users are advised to upgrade to these updated packages,
that contain Adobe Reader version 8.1.3, and are not vulnerable to
these issues.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2549");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2992");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-4812");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-4813");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-4814");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-4815");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-4817");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0927");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0974");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2009-01");
  script_set_attribute(attribute:"solution", value:
"Update the affected acroread and / or acroread-plugin packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-0927");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Collab.getIcon() Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_cwe_id(20, 119, 264, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2008:0974";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", cpu:"i386", reference:"acroread-8.1.3-1")) flag++;

  if (rpm_check(release:"RHEL3", cpu:"i386", reference:"acroread-plugin-8.1.3-1")) flag++;


  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"acroread-8.1.3-1.el4")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"acroread-plugin-8.1.3-1.el4")) flag++;


  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"acroread-8.1.3-1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"acroread-plugin-8.1.3-1.el5")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread / acroread-plugin");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxacroreadp-cpe:/a:redhat:enterprise_linux:acroread
redhatenterprise_linuxacroread-pluginp-cpe:/a:redhat:enterprise_linux:acroread-plugin
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3
redhatenterprise_linux4cpe:/o:redhat:enterprise_linux:4
redhatenterprise_linux4.7cpe:/o:redhat:enterprise_linux:4.7
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux5.2cpe:/o:redhat:enterprise_linux:5.2

References

Related

openvas 15
redhat 1
nessus 16
gentoo 2
seebug 6
securityvulns 13
prion 9
cvelist 9
cve 9
ubuntucve 6
checkpoint_advisories 5
zdi 4
cert 1
saint 8
threatpost 6
exploitpack 2
canvas 2
packetstorm 3
cisa_kev 2
symantec 1
exploitdb 2
attackerkb 3
coresecurity 1
thn 2
suse 1
openvas
openvas
Gentoo Security Advisory GLSA 200901-09 (acroread)
2009-01-20 00:00:00
Gentoo Security Advisory GLSA 200901-09 (acroread)
2009-01-20 00:00:00
Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Windows)
2008-11-05 00:00:00
redhat
redhat
(RHSA-2008:0974) Critical: acroread security update
2008-11-12 00:00:00
nessus
nessus
GLSA-200901-09 : Adobe Reader: User-assisted execution of arbitrary code
2009-01-14 00:00:00
openSUSE Security Update : acroread (acroread-295)
2009-07-21 00:00:00
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5746)
2008-11-24 00:00:00
gentoo
gentoo
Adobe Reader: User-assisted execution of arbitrary code
2009-01-13 00:00:00
Adobe Reader: User-assisted execution of arbitrary code
2009-04-18 00:00:00
seebug
seebug
Adobe Acrobat和Reader 8.1.2多个安全漏洞
2008-11-06 00:00:00
NOS Microsystems getPlus ActiveX控件缓冲区溢出漏洞
2008-11-07 00:00:00
Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit #2
2008-11-07 00:00:00
securityvulns
securityvulns
Adobe Acrobat / Reader multiple security vulnerabilities
2008-11-05 00:00:00
iDefense Security Advisory 11.04.08: Multiple Vendor NOS Microsystems getPlus Downloader Stack Buffer Overflow Vulnerability
2008-11-10 00:00:00
iDefense Security Advisory 11.04.08: Adobe Acrobat And Reader AcroJS Heap Corruption Vulnerability
2008-11-05 00:00:00
prion
prion
Design/Logic Flaw
2008-11-05 15:00:00
Input validation
2008-11-05 15:00:00
Out-of-bounds
2008-11-05 15:00:00
cvelist
cvelist
CVE-2008-4817
2008-11-05 14:51:00
CVE-2008-4812
2008-11-05 14:51:00
CVE-2008-4814
2008-11-05 14:51:00
cve
cve
CVE-2008-4814
2008-11-05 15:00:00
CVE-2008-4817
2008-11-05 15:00:00
CVE-2008-4812
2008-11-05 15:00:00
ubuntucve
ubuntucve
CVE-2008-4814
2008-11-05 00:00:00
CVE-2008-4817
2008-11-05 00:00:00
CVE-2008-4815
2008-11-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat PDF Font Processing Memory Corruption (CVE-2008-4813)
2010-03-08 00:00:00
Workaround for Adobe Reader and Acrobat util.printf Stack Buffer Overflow Vulnerability
2008-12-01 00:00:00
Adobe Acrobat JavaScript getIcon Method Buffer Overflow - Ver2 (CVE-2009-0927)
2014-03-31 00:00:00
zdi
zdi
Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability
2008-11-04 00:00:00
Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability
2008-11-04 00:00:00
Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability
2008-11-04 00:00:00
cert
cert
Adobe Reader and Acrobat util.printf() JavaScript function stack buffer overflow
2008-11-04 00:00:00
saint
saint
Adobe Acrobat JavaScript getIcon method buffer overflow
2009-03-27 00:00:00
Adobe Acrobat JavaScript getIcon method buffer overflow
2009-03-27 00:00:00
Adobe Acrobat util.printf JavaScript function buffer overflow
2008-11-10 00:00:00
threatpost
threatpost
New PDF Attack Targets Aviation Defense Industry
2012-09-13 19:46:42
PBS Website Compromised, Used to Serve Exploits
2009-09-23 22:41:03
Free Beacon Article Redirects to ZeroAccess Rootkit, Fake AV
2013-06-10 16:17:14
exploitpack
exploitpack
Adobe AcrobatReader 7.1.18.1.39.1 - Collab getIcon Universal
2009-09-03 00:00:00
Adobe Reader - util.printf() JavaScript Function Stack Overflow (2)
2008-11-05 00:00:00
canvas
canvas
Immunity Canvas: ACROBAT_JS3
2008-11-04 18:29:00
Immunity Canvas: ACROBAT_JS4
2009-03-19 10:30:00
packetstorm
packetstorm
adobe-printf.txt
2008-11-06 00:00:00
Adobe Collab.getIcon() Buffer Overflow
2009-11-26 00:00:00
Adobe util.printf() Buffer Overflow
2009-11-26 00:00:00
cisa_kev
cisa_kev
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
2022-03-25 00:00:00
Adobe Reader and Acrobat Input Validation Vulnerability
2022-03-03 00:00:00
symantec
symantec
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
2009-03-18 00:00:00
exploitdb
exploitdb
Adobe Reader - &#039;util.printf()&#039; JavaScript Function Stack Overflow (2)
2008-11-05 00:00:00
Adobe Acrobat/Reader &lt; 7.1.1/8.1.3/9.1 - Collab getIcon Universal
2009-09-03 00:00:00
attackerkb
attackerkb
CVE-2008-2992
2008-11-04 00:00:00
CVE-2005-2773
2005-09-02 00:00:00
CVE-2009-0927
2009-03-19 00:00:00
coresecurity
coresecurity
Adobe Reader Javascript Printf Buffer Overflow
2008-11-04 00:00:00
thn
thn
Phoenix Exploit's Kit 2.8 mini version
2011-10-12 17:41:00
Bleeding Life 2 Exploit Pack Released
2011-10-24 04:30:00
suse
suse
remote code execution in acroread
2009-03-27 15:24:52
JSON
Related for REDHAT-RHSA-2008-0974.NASL
openvas15redhat1nessus16gentoo2seebug6securityvulns13prion9cvelist9cve9ubuntucve6checkpoint_advisories5zdi4cert1saint8threatpost6exploitpack2canvas2packetstorm3cisa_kev2symantec1exploitdb2attackerkb3coresecurity1thn2suse1