RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641)

critical Nessus Plugin ID 40724

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Adobe Acrobat Reader allows users to view and print documents in Portable Document Format (PDF).

An input validation flaw was discovered in a JavaScript engine used by Acrobat Reader. A malicious PDF file could cause Acrobat Reader to crash or, potentially, execute arbitrary code as the user running Acrobat Reader. (CVE-2008-2641)

An insecure temporary file usage issue was discovered in the Acrobat Reader 'acroread' startup script. A local attacker could potentially overwrite arbitrary files that were writable by the user running Acrobat Reader, if the victim ran 'acroread' with certain command line arguments. (CVE-2008-0883)

All acroread users are advised to upgrade to these updated packages, that contain Acrobat Reader version 8.1.2 Security Update 1, and are not vulnerable to these issues.

Solution

Update the affected acroread and / or acroread-plugin packages.

See Also

https://access.redhat.com/security/cve/cve-2008-0883

https://access.redhat.com/security/cve/cve-2008-2641

https://access.redhat.com/errata/RHSA-2008:0641

Plugin Details

Severity: Critical

ID: 40724

File Name: redhat-RHSA-2008-0641.nasl

Version: 1.29

Type: local

Agent: unix

Published: 8/24/2009

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:acroread, p-cpe:/a:redhat:enterprise_linux:acroread-plugin, cpe:/o:redhat:enterprise_linux:3, cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:4.6, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.2

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2008

Vulnerability Publication Date: 3/5/2008

Reference Information

CVE: CVE-2008-0883, CVE-2008-2641

BID: 28091

CWE: 59

RHSA: 2008:0641