Vulnerabilities > CVE-2004-0631 - Unspecified vulnerability in Adobe Acrobat Reader 5.0/5.0.5/5.0.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN adobe
nessus
Summary
Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-432.NASL description An updated Adobe Acrobat Reader package that fixes multiple security issues is now available. The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF). iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer overflow when decoding uuencoded documents. An attacker could execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 14380 published 2004-08-26 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14380 title RHEL 3 : acroread (RHSA-2004:432) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:432. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(14380); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0630", "CVE-2004-0631"); script_xref(name:"RHSA", value:"2004:432"); script_name(english:"RHEL 3 : acroread (RHSA-2004:432)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated Adobe Acrobat Reader package that fixes multiple security issues is now available. The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF). iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer overflow when decoding uuencoded documents. An attacker could execute arbitrary code on a victim's machine if a user opens a specially crafted uuencoded document. This issue poses the threat of remote execution, since Acrobat Reader may be the default handler for PDF files. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0631 to this issue. iDEFENSE also reported that Adobe Acrobat Reader 5.0 contains an input validation error in its uuencoding feature. An attacker could create a file with a specially crafted file name which could lead to arbitrary command execution on a victim's machine. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0630 to this issue. All users of Acrobat Reader are advised to upgrade to this updated package, which is not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2004-0630.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2004-0631.html" ); # http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7aa457ea" ); # http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?09112fc9" ); script_set_attribute( attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2004-432.html" ); script_set_attribute( attribute:"solution", value:"Update the affected acroread and / or acroread-plugin packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); flag = 0; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"acroread-5.09-1")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"acroread-plugin-5.09-1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200408-14.NASL description The remote host is affected by the vulnerability described in GLSA-200408-14 (acroread: UUDecode filename buffer overflow) acroread contains two errors in the handling of UUEncoded filenames. First, it fails to check the length of a filename before copying it into a fixed size buffer and, secondly, it fails to check for the backtick shell metacharacter in the filename before executing a command with a shell. Impact : By enticing a user to open a PDF with a specially crafted filename, an attacker could execute arbitrary code or programs with the permissions of the user running acroread. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of acroread. last seen 2020-06-01 modified 2020-06-02 plugin id 14570 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14570 title GLSA-200408-14 : acroread: UUDecode filename buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200408-14. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14570); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0630", "CVE-2004-0631"); script_xref(name:"GLSA", value:"200408-14"); script_name(english:"GLSA-200408-14 : acroread: UUDecode filename buffer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200408-14 (acroread: UUDecode filename buffer overflow) acroread contains two errors in the handling of UUEncoded filenames. First, it fails to check the length of a filename before copying it into a fixed size buffer and, secondly, it fails to check for the backtick shell metacharacter in the filename before executing a command with a shell. Impact : By enticing a user to open a PDF with a specially crafted filename, an attacker could execute arbitrary code or programs with the permissions of the user running acroread. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of acroread." ); # http://idefense.com/application/poi/display?id=124&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?09112fc9" ); # http://idefense.com/application/poi/display?id=125&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7aa457ea" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200408-14" ); script_set_attribute( attribute:"solution", value: "All acroread users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-text/acroread-5.09' # emerge '>=app-text/acroread-5.09'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:acroread"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-text/acroread", unaffected:make_list("ge 5.09"), vulnerable:make_list("le 5.08"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread"); }
Redhat
| advisories |
|
References
- http://www.securityfocus.com/bid/10932
- http://security.gentoo.org/glsa/glsa-200408-14.xml
- http://www.adobe.com/support/techdocs/322914.html
- http://www.redhat.com/support/errata/RHSA-2004-432.html
- http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16972