This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0743.NASLRHEL 4 / 5 : acroread (RHSA-2010:0743)
Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Adobe Reader allows users to view and print documents in Portable Document Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB10-21, listed in the References section.
A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-2883, CVE-2010-2884, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3632, CVE-2010-3658)
An insecure relative RPATH (runtime library search path) set in some Adobe Reader libraries could allow a local attacker, who is able to convince another user to run Adobe Reader in an attacker-controlled directory, to execute arbitrary code with the privileges of the victim. (CVE-2010-2887)
A specially crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2010-3656, CVE-2010-3657)
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0743. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(49786);
script_version("1.35");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");
script_cve_id(
"CVE-2010-2883",
"CVE-2010-2884",
"CVE-2010-2887",
"CVE-2010-2889",
"CVE-2010-2890",
"CVE-2010-3619",
"CVE-2010-3620",
"CVE-2010-3621",
"CVE-2010-3622",
"CVE-2010-3625",
"CVE-2010-3626",
"CVE-2010-3627",
"CVE-2010-3628",
"CVE-2010-3629",
"CVE-2010-3630",
"CVE-2010-3632",
"CVE-2010-3656",
"CVE-2010-3657",
"CVE-2010-3658"
);
script_bugtraq_id(
43057,
43205,
43722,
43723,
43724,
43725,
43726,
43727,
43729,
43730,
43732,
43734,
43735,
43737,
43738,
43740,
43741,
43744,
43746
);
script_xref(name:"RHSA", value:"2010:0743");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");
script_name(english:"RHEL 4 / 5 : acroread (RHSA-2010:0743)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Adobe Reader allows users to view and print documents in Portable
Document Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These
vulnerabilities are detailed on the Adobe security page APSB10-21,
listed in the References section.
A specially crafted PDF file could cause Adobe Reader to crash or,
potentially, execute arbitrary code as the user running Adobe Reader
when opened. (CVE-2010-2883, CVE-2010-2884, CVE-2010-2889,
CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621,
CVE-2010-3622, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627,
CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3632,
CVE-2010-3658)
An insecure relative RPATH (runtime library search path) set in some
Adobe Reader libraries could allow a local attacker, who is able to
convince another user to run Adobe Reader in an attacker-controlled
directory, to execute arbitrary code with the privileges of the
victim. (CVE-2010-2887)
A specially crafted PDF file could cause Adobe Reader to crash when
opened. (CVE-2010-3656, CVE-2010-3657)
All Adobe Reader users should install these updated packages. They
contain Adobe Reader version 9.4, which is not vulnerable to these
issues. All running instances of Adobe Reader must be restarted for
the update to take effect.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2883");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2884");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2887");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2889");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2890");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3619");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3620");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3621");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3622");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3625");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3626");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3627");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3628");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3629");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3630");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3632");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3656");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3657");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3658");
script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb10-21.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2010:0743");
script_set_attribute(attribute:"solution", value:
"Update the affected acroread and / or acroread-plugin packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-3658");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"exploithub_sku", value:"EH-11-971");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2010/10/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread-plugin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2010:0743";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL4", cpu:"i386", reference:"acroread-9.4.0-1.el4")) flag++;
if (rpm_check(release:"RHEL4", cpu:"i386", reference:"acroread-plugin-9.4.0-1.el4")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"acroread-9.4.0-1.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"acroread-plugin-9.4.0-1.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread / acroread-plugin");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | acroread | p-cpe:/a:redhat:enterprise_linux:acroread |
| redhat | enterprise_linux | acroread-plugin | p-cpe:/a:redhat:enterprise_linux:acroread-plugin |
| redhat | enterprise_linux | 4 | cpe:/o:redhat:enterprise_linux:4 |
| redhat | enterprise_linux | 4.8 | cpe:/o:redhat:enterprise_linux:4.8 |
| redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
access.redhat.com/errata/RHSA-2010:0743
access.redhat.com/security/cve/cve-2010-2883
access.redhat.com/security/cve/cve-2010-2884
access.redhat.com/security/cve/cve-2010-2887
access.redhat.com/security/cve/cve-2010-2889
access.redhat.com/security/cve/cve-2010-2890
access.redhat.com/security/cve/cve-2010-3619
access.redhat.com/security/cve/cve-2010-3620
access.redhat.com/security/cve/cve-2010-3621
access.redhat.com/security/cve/cve-2010-3622
access.redhat.com/security/cve/cve-2010-3625
access.redhat.com/security/cve/cve-2010-3626
access.redhat.com/security/cve/cve-2010-3627
access.redhat.com/security/cve/cve-2010-3628
access.redhat.com/security/cve/cve-2010-3629
access.redhat.com/security/cve/cve-2010-3630
access.redhat.com/security/cve/cve-2010-3632
access.redhat.com/security/cve/cve-2010-3656
access.redhat.com/security/cve/cve-2010-3657
access.redhat.com/security/cve/cve-2010-3658
www.adobe.com/support/security/bulletins/apsb10-21.html
Related
