Vulnerabilities > CVE-2006-3093 - Security vulnerability in Adobe Reader

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
adobe
nessus

Summary

Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. This vulnerability is addressed in the following product release: Adobe, Acrobat Reader, 7.0.8

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_ACROREAD-1690.NASL
    descriptionVarious unspecified security problems have been fixed in Acrobat Reader version 7.0.8 (CVE-2006-3093), contained in this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id27143
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27143
    titleopenSUSE 10 Security Update : acroread (acroread-1690)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update acroread-1690.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27143);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-3093");
    
      script_name(english:"openSUSE 10 Security Update : acroread (acroread-1690)");
      script_summary(english:"Check for the acroread-1690 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various unspecified security problems have been fixed in Acrobat
    Reader version 7.0.8 (CVE-2006-3093), contained in this update."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected acroread package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:acroread");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"acroread-7.0.8-0.4") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2006_041.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:041 (acroread). Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8. Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible. Adobe does not provide update packages for Acroread that are compatible with some of our releases from the past. Therefore, updates are missing (and might not be provided) for the products listed as follows. As a solution to Adobe acroread security problems on older products we suggest removal of the package from exposed systems and to use the longer maintained open source PDF viewers. - SUSE Linux Enterprise Server 9, Open Enterprise Server, Novell Linux POS 9 Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries (previously GTK+ 2.2). Since the above products contain only GTK+ 2.2, the Acrobat Reader 7.0.8 provided by Adobe is currently not functional. We have postponed the updates and wait for Adobe to clarify this problem. - SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1 These versions only support Acrobat Reader 5 and could not be upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements. We discontinued security support for Acrobat Reader on those products some time ago already. This issue is tracked by the Mitre CVE ID CVE-2006-3093.
    last seen2019-10-28
    modified2007-02-18
    plugin id24421
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24421
    titleSUSE-SA:2006:041: acroread
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:041
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(24421);
     script_version ("1.9");
     
     name["english"] = "SUSE-SA:2006:041: acroread";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2006:041 (acroread).
    
    
    Various unspecified security problems have been fixed in Acrobat
    Reader version 7.0.8.
    
    Adobe does not provide detailed information about the nature of the
    security problems. Therefore, it is necessary to assume that remote
    code execution is possible.
    
    
    Adobe does not provide update packages for Acroread that are compatible
    with some of our releases from the past. Therefore, updates are missing
    (and might not be provided) for the products listed as follows.
    
    As a solution to Adobe acroread security problems on older products
    we suggest removal of the package from exposed systems and to use
    the longer maintained open source PDF viewers.
    
    - SUSE Linux Enterprise Server 9, Open Enterprise Server,
    Novell Linux POS 9
    
    Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries
    (previously GTK+ 2.2).
    
    Since the above products contain only GTK+ 2.2, the Acrobat Reader
    7.0.8 provided by Adobe is currently not functional.
    
    We have postponed the updates and wait for Adobe to clarify this
    problem.
    
    - SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1
    
    These versions only support Acrobat Reader 5 and could not be
    upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements.
    
    We discontinued security support for Acrobat Reader on those
    products some time ago already.
    
    This issue is tracked by the Mitre CVE ID CVE-2006-3093." );
     script_set_attribute(attribute:"solution", value:
    "http://www.novell.com/linux/security/advisories/2006_41_acroread.html" );
     script_set_attribute(attribute:"risk_factor", value:"High" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the acroread package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"acroread-7.0.8-1.1", release:"SUSE10.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"acroread-7.0.8-1.1", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"acroread-7.0.8-1.1", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    
  • NASL familyWindows
    NASL idADOBE_READER_708.NASL
    descriptionThe version of Adobe Reader installed on the remote host is earlier than 7.0.8 and thus reportedly is affected by several security issues. While details on the nature of these flaws is currently unknown, the vendor ranks them low, saying they have minimal impact and are difficult to exploit.
    last seen2020-06-01
    modified2020-06-02
    plugin id21698
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21698
    titleAdobe Reader < 7.0.8 Multiple Unspecified Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21698);
      script_version("1.22");
      script_cvs_date("Date: 2018/06/27 18:42:27");
    
      script_cve_id("CVE-2006-3093");
      script_bugtraq_id(18445);
    
      script_name(english:"Adobe Reader < 7.0.8 Multiple Unspecified Vulnerabilities");
      script_summary(english:"Checks version of Adobe Reader");
    
     script_set_attribute(attribute:"synopsis", value:
    "The PDF file viewer on the remote Windows host is affected by several issues." );
     script_set_attribute(attribute:"description", value:
    "The version of Adobe Reader installed on the remote host is earlier than 7.0.8
    and thus reportedly is affected by several security issues. While details on
    the nature of these flaws is currently unknown, the vendor ranks them low,
    saying they have minimal impact and are difficult to exploit." );
     # http://web.archive.org/web/20060618175415/http://www.adobe.com/support/techdocs/327817.html
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c51296a5" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Reader 7.0.8 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/16");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/11");
     script_set_attribute(attribute:"patch_publication_date", value: "2006/06/08");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
    script_end_attributes();
    
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
      script_dependencies("adobe_reader_installed.nasl");
      script_require_keys("SMB/Acroread/Version");
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    info = NULL;
    vers = get_kb_list('SMB/Acroread/Version');
    if (isnull(vers)) exit(0, 'The "SMB/Acroread/Version" KB item is missing.');
    
    foreach ver (vers)
    {
      if (ver =~ "^([0-6]\.|7\.0\.[0-7][^0-9.]?)")
      {
        path = get_kb_item('SMB/Acroread/'+ver+'/Path');
        if (isnull(path)) exit(1, 'The "SMB/Acroread/'+ver+'/Path" KB item is missing.');
    
        verui = get_kb_item('SMB/Acroread/'+ver+'/Version_UI');
        if (isnull(verui)) exit(1, 'The "SMB/Acroread/'+ver+'/Version_UI" KB item is missing.');
    
        info += '  - ' + verui + ', under ' + path + '\n';
      }
    }
    
    if (isnull(info)) exit(0, 'The remote host is not affected.');
    
    if (report_verbosity > 0)
    {
      if (max_index(split(info)) > 1) s = "s of Adobe Reader are";
      else s = " of Adobe Reader is";
    
      report =
        '\nThe following vulnerable instance'+s+' installed on the'+
        '\nremote host :\n\n'+
        info;
      security_warning(port:get_kb_item("SMB/transport"), extra:report);
    }
    else security_warning(get_kb_item("SMB/transport"));
    

Statements

contributorMark J Cox
lastmodified2006-08-16
organizationRed Hat
statementNot vulnerable. Adobe told us that this issue does not affect the Linux versions of Adobe Acrobat Reader.