RHEL 3 : acroread (RHSA-2010:0060)

critical Nessus Plugin ID 63914

Synopsis

The remote Red Hat host is missing a security update.

Description

The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras contain security flaws and should not be used.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

Adobe Reader 8.1.7 is vulnerable to critical security flaws and should no longer be used. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)

Adobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader 9 for Linux is not compatible with Red Hat Enterprise Linux 3.
An alternative PDF file viewer available in Red Hat Enterprise Linux 3 is xpdf.

This update removes the acroread packages due to their known security vulnerabilities.

Solution

Update the affected acroread-uninstall package.

See Also

https://www.redhat.com/security/data/cve/CVE-2009-3953.html

https://www.redhat.com/security/data/cve/CVE-2009-3954.html

https://www.redhat.com/security/data/cve/CVE-2009-3955.html

https://www.redhat.com/security/data/cve/CVE-2009-3956.html

https://www.redhat.com/security/data/cve/CVE-2009-3959.html

https://www.redhat.com/security/data/cve/CVE-2009-4324.html

http://www.adobe.com/support/security/bulletins/apsb10-02.html

http://rhn.redhat.com/errata/RHSA-2010-0060.html

Plugin Details

Severity: Critical

ID: 63914

File Name: redhat-RHSA-2010-0060.nasl

Version: 1.17

Type: local

Agent: unix

Published: 1/24/2013

Updated: 6/8/2022

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2009-3959

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:3, p-cpe:/a:redhat:enterprise_linux:acroread-uninstall

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/20/2010

CISA Known Exploited Vulnerability Due Dates: 6/22/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe Doc.media.newPlayer Use After Free Vulnerability)

Reference Information

CVE: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3959, CVE-2009-4324

BID: 37331, 37758

CWE: 119, 16, 189, 399, 94

RHSA: 2010:0060