Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_11_1_ACROREAD-090701.NASL
HistoryJul 21, 2009 - 12:00 a.m.

openSUSE Security Update : acroread (acroread-1060)

2009-07-2100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

This update of acroread fixes the following vulnerabilities :

  • CVE-2009-1855: stack overflow that could lead to code execution

  • CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution

  • CVE-2009-1857: memory corruption with potential to lead to arbitrary code execution

  • CVE-2009-1858: memory corruption with potential to lead to arbitrary code execution

  • CVE-2009-1859: memory corruption with potential to lead to arbitrary code execution

  • CVE-2009-0198: memory corruption with potential to lead to arbitrary code execution

  • CVE-2009-0509, CVE-2009-0510 CVE-2009-0511, CVE-2009-0512: heap overflow that could lead to code execution

  • CVE-2009-1861: heap overflow that could lead to code execution

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update acroread-1060.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40184);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-0198", "CVE-2009-0509", "CVE-2009-0510", "CVE-2009-0511", "CVE-2009-0512", "CVE-2009-1855", "CVE-2009-1856", "CVE-2009-1857", "CVE-2009-1858", "CVE-2009-1859", "CVE-2009-1861");

  script_name(english:"openSUSE Security Update : acroread (acroread-1060)");
  script_summary(english:"Check for the acroread-1060 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of acroread fixes the following vulnerabilities :

  - CVE-2009-1855: stack overflow that could lead to code
    execution

  - CVE-2009-1856: integer overflow with potential to lead
    to arbitrary code execution

  - CVE-2009-1857: memory corruption with potential to lead
    to arbitrary code execution

  - CVE-2009-1858: memory corruption with potential to lead
    to arbitrary code execution

  - CVE-2009-1859: memory corruption with potential to lead
    to arbitrary code execution

  - CVE-2009-0198: memory corruption with potential to lead
    to arbitrary code execution

  - CVE-2009-0509, CVE-2009-0510 CVE-2009-0511,
    CVE-2009-0512: heap overflow that could lead to code
    execution

  - CVE-2009-1861: heap overflow that could lead to code
    execution"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=511566"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected acroread package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:acroread");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"acroread-8.1.6-0.1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread");
}
VendorProductVersionCPE
novellopensuseacroreadp-cpe:/a:novell:opensuse:acroread
novellopensuse11.1cpe:/o:novell:opensuse:11.1

Related

nessus 10
suse 1
openvas 12
threatpost 1
redhat 1
checkpoint_advisories 11
gentoo 1
securityvulns 6
cve 13
prion 13
ubuntucve 13
cert 1
zdi 1
seebug 1
nessus
nessus
openSUSE Security Update : acroread (acroread-1060)
2009-07-21 00:00:00
SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6398)
2011-01-27 00:00:00
openSUSE 10 Security Update : acroread (acroread-6332)
2009-10-06 00:00:00
suse
suse
remote code execution in acroread
2009-07-01 18:07:59
openvas
openvas
SUSE: Security Advisory for acroread (SUSE-SA:2009:035)
2009-07-06 00:00:00
SuSE Security Advisory SUSE-SA:2009:035 (acroread)
2009-07-06 00:00:00
RedHat Security Advisory RHSA-2009:1109
2009-06-23 00:00:00
threatpost
threatpost
Adobe slaps band-aid on 13 security holes
2009-06-09 21:54:04
redhat
redhat
(RHSA-2009:1109) Critical: acroread security update
2009-06-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Reader PDF Documents Containing Embedded JBIG2 Streams (CVE-2009-0509; CVE-2009-0510; CVE-2009-0511; CVE-2009-0512)
2009-06-10 00:00:00
Adobe Reader JBIG2 Pattern Dictionary Memory Corruption (APSB09-07; CVE-2009-0510; CVE-2009-0511)
2009-06-15 00:00:00
Adobe Reader JBIG2 Page Information Integer Overflow (APSB09-07; CVE-2009-0509)
2009-06-15 00:00:00
gentoo
gentoo
Adobe Reader: User-assisted execution of arbitrary code
2009-07-12 00:00:00
securityvulns
securityvulns
Adobe Acrobat / Reader code execution
2009-09-04 00:00:00
VUPEN Security - Adobe Acrobat and Reader JBIG2 Filter Heap Overflow Vulnerability
2009-06-14 00:00:00
iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability
2009-06-14 00:00:00
cve
cve
CVE-2009-0512
2009-06-11 15:30:00
CVE-2009-0888
2009-06-11 15:30:00
CVE-2009-0511
2009-06-11 15:30:00
prion
prion
Heap overflow
2009-06-11 15:30:00
Heap overflow
2009-06-11 15:30:00
Heap overflow
2009-06-11 15:30:00
ubuntucve
ubuntucve
CVE-2009-0512
2009-06-11 00:00:00
CVE-2009-0888
2009-06-11 00:00:00
CVE-2009-0889
2009-06-11 00:00:00
cert
cert
Adobe Reader contains multiple vulnerabilities in the processing of JPX data
2009-06-09 00:00:00
zdi
zdi
Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability
2009-06-10 00:00:00
seebug
seebug
Adobe Readerๅ’ŒAcrobat U3D Model่ฟœ็จ‹ๆ ˆ็ผ“ๅ†ฒๅŒบๆบขๅ‡บๆผๆดž
2009-06-13 00:00:00
JSON
Related for SUSE_11_1_ACROREAD-090701.NASL
nessus10suse1openvas12threatpost1redhat1checkpoint_advisories11gentoo1securityvulns6cve13prion13ubuntucve13cert1zdi1seebug1