ID OPENVAS:60589 Type openvas Reporter Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200803-26.
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Library include; no function from it is called by name in this file.
# NOTE(review): presumably the version-comparison helpers that the Gentoo
# package library (included further down) relies on - confirm.
include("revisions-lib.inc");
# Report texts that the description block attaches to the plugin via script_tag().
# Insight: names the weakness class only (insecure temporary file creation);
# the CVE identifier is registered separately with script_cve_id().
tag_insight = "An insecure temporary file creation vulnerability has been discovered in
Adobe Acrobat Reader.";
# Remediation text. The lines starting with '#' inside this string are shell
# prompts for the emerge commands, not NASL comments; they are part of the
# literal and are reported verbatim.
# The fixed version named here (8.1.2-r1) has to stay in step with the
# "ge"/"lt" thresholds passed to ispkgvuln() in the check below.
# The two advisory URLs are carried inside the solution text; this script
# registers no separate reference entries for them.
tag_solution = "All Adobe Acrobat Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r1'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-26
http://bugs.gentoo.org/show_bug.cgi?id=212367";
# Summary: states only that the GLSA 200803-26 update is missing.
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200803-26.";
# Metadata branch: when `description` is set, the script only declares its
# identity, scoring, prerequisites and report texts, then exits via exit(0)
# before any package check runs.
if(description)
{
# Numeric plugin id; the same number appears as OPENVAS:60589 in the page header.
script_id(60589);
script_version("$Revision: 6596 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
script_cve_id("CVE-2008-0883");
# CVSS v2 base score and vector: local access vector (AV:L), high access
# complexity (AC:H), no authentication (Au:N), partial C/I/A impact.
script_tag(name:"cvss_base", value:"3.7");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:N/C:P/I:P/A:P");
script_name("Gentoo Security Advisory GLSA 200803-26 (acroread)");
# Declared as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
script_family("Gentoo Local Security Checks");
# Prerequisites: another plugin must have run first and two knowledge-base
# keys must be present.
# NOTE(review): presumably gather-package-list.nasl sets these keys after an
# authenticated SSH login to a Gentoo host; without them this check would
# not run and the host gets no verdict from it - confirm.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
# Attach the report texts defined above the description block.
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# Detection quality is declared as "package": the verdict rests on the
# installed package version, not on observing the flaw itself.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
# Gentoo package-check library. ispkgvuln() and __pkg_match are used below
# but are not defined in this file.
# NOTE(review): presumably both are provided by this include - confirm.
include("pkg-lib-gentoo.inc");
res = "";
report = "";
# Version-only check for app-text/acroread: anything below 8.1.2-r1 is listed
# as vulnerable, 8.1.2-r1 and later as unaffected. A non-NULL result is
# appended to the report text.
# This is a package-version verdict; the temporary-file handling behind
# CVE-2008-0883 is never exercised on the target.
# NOTE(review): a copy of acroread that is not recorded in the collected
# package list would presumably go unnoticed - confirm against the library.
if ((res = ispkgvuln(pkg:"app-text/acroread", unaffected: make_list("ge 8.1.2-r1"), vulnerable: make_list("lt 8.1.2-r1"))) != NULL) {
report += res;
}
# Three outcomes:
#  - report text present      -> raise a finding carrying that text;
#  - no text, __pkg_match set -> exit(99), marked "Not vulnerable" below;
#  - neither                  -> the script ends without a verdict.
# NOTE(review): __pkg_match presumably records that the package was found in
# the package list during the comparison - confirm in pkg-lib-gentoo.inc.
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:60589", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200803-26 (acroread)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200803-26.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60589", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-0883"], "lastseen": "2017-07-24T12:50:09", "viewCount": 0, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2017-07-24T12:50:09", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0883"]}, {"type": "seebug", "idList": ["SSV:2985"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200803-26.NASL", "SUSE_ACROREAD-5042.NASL", "REDHAT-RHSA-2008-0641.NASL", "SUSE_ACROREAD-5041.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804371"]}, {"type": "gentoo", "idList": ["GLSA-200803-26"]}, {"type": "redhat", "idList": ["RHSA-2008:0641"]}], "modified": "2017-07-24T12:50:09", "rev": 2}, "vulnersScore": 5.8}, "pluginID": "60589", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An insecure temporary file creation vulnerability has been discovered in\nAdobe Acrobat Reader.\";\ntag_solution = \"All Adobe Acrobat Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-26\nhttp://bugs.gentoo.org/show_bug.cgi?id=212367\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200803-26.\";\n\n \n\nif(description)\n{\n script_id(60589);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0883\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200803-26 (acroread)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 8.1.2-r1\"), vulnerable: make_list(\"lt 8.1.2-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:35:11", "description": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.", "edition": 4, "cvss3": {}, "published": "2008-03-06T00:44:00", "title": "CVE-2008-0883", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0883"], "modified": "2017-08-08T01:29:00", "cpe": ["cpe:/a:adobe:acrobat_reader:8.1.2"], "id": "CVE-2008-0883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0883", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0883"], "description": "This host is installed with Adobe Reader and is prone to privilege escalation\nvulnerability.", "modified": "2018-10-12T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310804371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804371", "type": "openvas", "title": "Adobe Reader 'acroread' Privilege Escalation Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_acroread_priv_escalation_vuln_lin.nasl 11878 2018-10-12 12:40:08Z cfischer $\n#\n# Adobe Reader 'acroread' Privilege Escalation Vulnerability (Linux)\n#\n# 
Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804371\");\n script_version(\"$Revision: 11878 $\");\n script_cve_id(\"CVE-2008-0883\");\n script_bugtraq_id(28091);\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:40:08 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 18:15:57 +0530 (Tue, 08 Apr 2014)\");\n script_name(\"Adobe Reader 'acroread' Privilege Escalation Vulnerability (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader and is prone to privilege escalation\nvulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to the insecure handling of temporary files within the 'acroread'\nscript.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain escalated 
privileges on\nthe system.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 8.1.2 on Linux.\");\n script_tag(name:\"solution\", value:\"Apply the Security Update from the referenced advisory.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/29229\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/40987\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1019539\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/advisories/apsa08-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Linux/Version\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/downloads/detail.jsp?ftpID=3992\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer && readerVer =~ \"^8\")\n{\n if(version_is_equal(version:readerVer, test_version:\"8.1.2\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:52:20", "description": "The remote host is affected by the vulnerability described in GLSA-200803-26\n(Adobe Acrobat Reader: Insecure temporary file creation)\n\n SUSE reported that the 'acroread' wrapper script does not create\n temporary files in a secure manner when handling SSL certificates\n (CVE-2008-0883).\n \nImpact :\n\n A local attacker could exploit this vulnerability to overwrite\n arbitrary files via a symlink attack on temporary files.\n \nWorkaround :\n\n There is no known workaround 
at this time.", "edition": 25, "published": "2008-03-19T00:00:00", "title": "GLSA-200803-26 : Adobe Acrobat Reader: Insecure temporary file creation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0883"], "modified": "2008-03-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:acroread"], "id": "GENTOO_GLSA-200803-26.NASL", "href": "https://www.tenable.com/plugins/nessus/31613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-26.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31613);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0883\");\n script_xref(name:\"GLSA\", value:\"200803-26\");\n\n script_name(english:\"GLSA-200803-26 : Adobe Acrobat Reader: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-26\n(Adobe Acrobat Reader: Insecure temporary file creation)\n\n SUSE reported that the 'acroread' wrapper script does not create\n temporary files in a secure manner when handling SSL certificates\n (CVE-2008-0883).\n \nImpact :\n\n A local attacker could exploit this vulnerability to overwrite\n arbitrary files via a symlink attack on temporary files.\n \nWorkaround :\n\n 
There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Acrobat Reader users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/acroread\", unaffected:make_list(\"ge 8.1.2-r1\"), vulnerable:make_list(\"lt 8.1.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Acrobat Reader\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:42:53", "description": "Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread'\nwrapper script in the SSL certificate handling. (CVE-2008-0883)\n\nFurthermore it contained several duplicated copies of system\nlibraries, which have been removed for this update to make sure they\nare up-to-date security wise by using the system provided ones.", "edition": 24, "published": "2008-02-27T00:00:00", "title": "openSUSE 10 Security Update : acroread (acroread-5041)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0883"], "modified": "2008-02-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:acroread", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_ACROREAD-5041.NASL", "href": "https://www.tenable.com/plugins/nessus/31296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-5041.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31296);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0883\");\n\n script_name(english:\"openSUSE 10 Security Update : acroread (acroread-5041)\");\n script_summary(english:\"Check for the acroread-5041 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread'\nwrapper script in the SSL certificate handling. 
(CVE-2008-0883)\n\nFurthermore it contained several duplicated copies of system\nlibraries, which have been removed for this update to make sure they\nare up-to-date security wise by using the system provided ones.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) 
audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"acroread-8.1.2-1.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"acroread-8.1.2-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"acroread-8.1.2-1.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:42:53", "description": "Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread'\nwrapper script in the SSL certificate handling. (CVE-2008-0883)\n\nFurthermore it contained several duplicated copies of system\nlibraries, which have been removed for this update to make sure they\nare up-to-date security wise by using the system provided ones.", "edition": 24, "published": "2008-02-27T00:00:00", "title": "SuSE 10 Security Update : acroread (ZYPP Patch Number 5042)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0883"], "modified": "2008-02-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD-5042.NASL", "href": "https://www.tenable.com/plugins/nessus/31297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31297);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0883\");\n\n script_name(english:\"SuSE 10 Security Update : acroread (ZYPP Patch Number 5042)\");\n script_summary(english:\"Checks 
rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread'\nwrapper script in the SSL certificate handling. (CVE-2008-0883)\n\nFurthermore it contained several duplicated copies of system\nlibraries, which have been removed for this update to make sure they\nare up-to-date security wise by using the system provided ones.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0883.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5042.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"acroread-8.1.2-1.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"acroread_ja-8.1.2-0.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:06:14", "description": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Acrobat Reader allows users to view and print documents in\nPortable Document Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to\ncrash or, potentially, execute arbitrary code as the user running\nAcrobat Reader. (CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat\nReader 'acroread' startup script. A local attacker could potentially\noverwrite arbitrary files that were writable by the user running\nAcrobat Reader, if the victim ran 'acroread' with certain command line\narguments. 
(CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages,\nthat contain Acrobat Reader version 8.1.2 Security Update 1, and are\nnot vulnerable to these issues.", "edition": 29, "published": "2009-08-24T00:00:00", "title": "RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641", "CVE-2008-0883"], "modified": "2009-08-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:acroread-plugin", "p-cpe:/a:redhat:enterprise_linux:acroread", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0641.NASL", "href": "https://www.tenable.com/plugins/nessus/40724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0641. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40724);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0883\", \"CVE-2008-2641\");\n script_bugtraq_id(28091);\n script_xref(name:\"RHSA\", value:\"2008:0641\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Acrobat Reader allows users to view and print documents in\nPortable Document Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to\ncrash or, potentially, execute arbitrary code as the user running\nAcrobat Reader. (CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat\nReader 'acroread' startup script. A local attacker could potentially\noverwrite arbitrary files that were writable by the user running\nAcrobat Reader, if the victim ran 'acroread' with certain command line\narguments. 
(CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages,\nthat contain Acrobat Reader version 8.1.2 Security Update 1, and are\nnot vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread and / or acroread-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0641\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"acroread-8.1.2.SU1-2\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"acroread-plugin-8.1.2.SU1-2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-8.1.2.SU1-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-plugin-8.1.2.SU1-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-8.1.2.SU1-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-plugin-8.1.2.SU1-2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread / acroread-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], 
"gentoo": [{"lastseen": "2016-09-06T19:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0883"], "edition": 1, "description": "### Background\n\nAcrobat Reader is a PDF reader released by Adobe. \n\n### Description\n\nSUSE reported that the \"acroread\" wrapper script does not create temporary files in a secure manner when handling SSL certificates (CVE-2008-0883). \n\n### Impact\n\nA local attacker could exploit this vulnerability to overwrite arbitrary files via a symlink attack on temporary files. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Acrobat Reader users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/acroread-8.1.2-r1\"", "modified": "2008-03-18T00:00:00", "published": "2008-03-18T00:00:00", "id": "GLSA-200803-26", "href": "https://security.gentoo.org/glsa/200803-26", "type": "gentoo", "title": "Adobe Acrobat Reader: Insecure temporary file creation", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:46:20", "description": "BUGTRAQ ID: 28091\r\nCVE(CAN) ID: CVE-2008-0883\r\n\r\nAcrobat Reader\u662f\u4e00\u6b3e\u6d41\u884c\u7684PDF\u6587\u4ef6\u9605\u8bfb\u5668\u3002\r\n\r\nAdobe Reader\u7684acroread\u811a\u672c\u5728\u5904\u7406installCertificate\u9009\u9879\u65f6\u6ca1\u6709\u5b89\u5168\u5730\u5904\u7406\u4e34\u65f6\u6587\u4ef6\uff0c\u8fd9\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u901a\u8fc7\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u7ed3\u5408\u7ade\u4e89\u6761\u4ef6\u8986\u76d6\u6216\u5220\u9664\u4efb\u610f\u6587\u4ef6\u3002\n\nAdobe Acrobat Reader 8.1.2\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a 
href=http://support.novell.com/linux/psdb/sources.html target=_blank>http://support.novell.com/linux/psdb/sources.html</a>", "published": "2008-03-06T00:00:00", "title": "Adobe Acrobat Reader acroread\u521b\u5efa\u4e0d\u5b89\u5168\u4e34\u65f6\u6587\u4ef6\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0883"], "modified": "2008-03-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2985", "id": "SSV:2985", "sourceData": "", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0883", "CVE-2008-2641"], "description": "Adobe Acrobat Reader allows users to view and print documents in Portable\r\nDocument Format (PDF).\r\n\r\nAn input validation flaw was discovered in a JavaScript engine used by\r\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to crash\r\nor, potentially, execute arbitrary code as the user running Acrobat Reader.\r\n(CVE-2008-2641)\r\n\r\nAn insecure temporary file usage issue was discovered in the Acrobat Reader\r\n\"acroread\" startup script. A local attacker could potentially overwrite\r\narbitrary files that were writable by the user running Acrobat Reader, if\r\nthe victim ran \"acroread\" with certain command line arguments.\r\n(CVE-2008-0883)\r\n\r\nAll acroread users are advised to upgrade to these updated packages, that\r\ncontain Acrobat Reader version 8.1.2 Security Update 1, and are not\r\nvulnerable to these issues.", "modified": "2018-05-26T04:26:19", "published": "2008-07-21T04:00:00", "id": "RHSA-2008:0641", "href": "https://access.redhat.com/errata/RHSA-2008:0641", "type": "redhat", "title": "(RHSA-2008:0641) Critical: acroread security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}