SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5746)

high Nessus Plugin ID 34942

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

The acroread package was update to fix several security vulnerabilities in the JavaScript engine. (CVE-2008-2992 / CVE-2008-2549 / CVE-2008-4812 / CVE-2008-4813 / CVE-2008-4817 / CVE-2008-4816 / CVE-2008-4814 / CVE-2008-4815)

Solution

Apply ZYPP patch number 5746.

See Also

http://support.novell.com/security/cve/CVE-2008-2549.html

http://support.novell.com/security/cve/CVE-2008-2992.html

http://support.novell.com/security/cve/CVE-2008-4812.html

http://support.novell.com/security/cve/CVE-2008-4813.html

http://support.novell.com/security/cve/CVE-2008-4814.html

http://support.novell.com/security/cve/CVE-2008-4815.html

http://support.novell.com/security/cve/CVE-2008-4816.html

http://support.novell.com/security/cve/CVE-2008-4817.html

Plugin Details

Severity: High

ID: 34942

File Name: suse_acroread-5746.nasl

Version: 1.24

Type: local

Agent: unix

Published: 11/24/2008

Updated: 3/8/2022

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/6/2008

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe util.printf() Buffer Overflow)

Reference Information

CVE: CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815, CVE-2008-4816, CVE-2008-4817

CWE: 119, 20, 264, 399