Vulnerabilities > CVE-2004-0631 - Buffer Overflow vulnerability in Adobe Acrobat Reader For Unix UUDecode

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
adobe
critical
nessus
NVD
Published: 2004-08-18
Updated: 2017-07-11

Summary

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.

Vulnerable Configurations

Part Description Count
Application
Adobe
3

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-432.NASL
    descriptionAn updated Adobe Acrobat Reader package that fixes multiple security issues is now available. The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF). iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer overflow when decoding uuencoded documents. An attacker could execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id14380
    published2004-08-26
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14380
    titleRHEL 3 : acroread (RHSA-2004:432)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:432. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14380);
  script_version ("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2004-0630", "CVE-2004-0631");
  script_xref(name:"RHSA", value:"2004:432");

  script_name(english:"RHEL 3 : acroread (RHSA-2004:432)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated Adobe Acrobat Reader package that fixes multiple security
issues is now available.

The Adobe Acrobat Reader browser allows for the viewing, distributing,
and printing of documents in portable document format (PDF).

iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer
overflow when decoding uuencoded documents. An attacker could execute
arbitrary code on a victim's machine if a user opens a specially
crafted uuencoded document. This issue poses the threat of remote
execution, since Acrobat Reader may be the default handler for PDF
files. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2004-0631 to this issue.

iDEFENSE also reported that Adobe Acrobat Reader 5.0 contains an input
validation error in its uuencoding feature. An attacker could create a
file with a specially crafted file name which could lead to arbitrary
command execution on a victim's machine. The Common Vulnerabilities
and Exposures project has assigned the name CVE-2004-0630 to this
issue.

All users of Acrobat Reader are advised to upgrade to this updated
package, which is not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2004-0630.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2004-0631.html"
  );
  # http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7aa457ea"
  );
  # http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?09112fc9"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2004-432.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected acroread and / or acroread-plugin packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acroread-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL3", cpu:"i386", reference:"acroread-5.09-1")) flag++;
if (rpm_check(release:"RHEL3", cpu:"i386", reference:"acroread-plugin-5.09-1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200408-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200408-14 (acroread: UUDecode filename buffer overflow) acroread contains two errors in the handling of UUEncoded filenames. First, it fails to check the length of a filename before copying it into a fixed size buffer and, secondly, it fails to check for the backtick shell metacharacter in the filename before executing a command with a shell. Impact : By enticing a user to open a PDF with a specially crafted filename, an attacker could execute arbitrary code or programs with the permissions of the user running acroread. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of acroread.
    last seen2020-06-01
    modified2020-06-02
    plugin id14570
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14570
    titleGLSA-200408-14 : acroread: UUDecode filename buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200408-14.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(14570);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2004-0630", "CVE-2004-0631");
  script_xref(name:"GLSA", value:"200408-14");

  script_name(english:"GLSA-200408-14 : acroread: UUDecode filename buffer overflow");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200408-14
(acroread: UUDecode filename buffer overflow)

    acroread contains two errors in the handling of UUEncoded filenames.
    First, it fails to check the length of a filename before copying it
    into a fixed size buffer and, secondly, it fails to check for the
    backtick shell metacharacter in the filename before executing a command
    with a shell.
  
Impact :

    By enticing a user to open a PDF with a specially crafted filename, an
    attacker could execute arbitrary code or programs with the permissions
    of the user running acroread.
  
Workaround :

    There is no known workaround at this time. All users are encouraged to
    upgrade to the latest available version of acroread."
  );
  # http://idefense.com/application/poi/display?id=124&type=vulnerabilities
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?09112fc9"
  );
  # http://idefense.com/application/poi/display?id=125&type=vulnerabilities
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7aa457ea"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200408-14"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All acroread users should upgrade to the latest version:
    # emerge sync
    # emerge -pv '>=app-text/acroread-5.09'
    # emerge '>=app-text/acroread-5.09'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:acroread");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-text/acroread", unaffected:make_list("ge 5.09"), vulnerable:make_list("le 5.08"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread");
}

Redhat

advisories
rhsa
idRHSA-2004:432

References