Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title acroread security update
Informations
Name RHSA-2010:0060 First vendor Publication 2010-01-20
Vendor RedHat Last vendor Modification 2010-01-20
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras contain security flaws and should not be used.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386 Red Hat Enterprise Linux AS version 3 Extras - i386 Red Hat Enterprise Linux ES version 3 Extras - i386 Red Hat Enterprise Linux WS version 3 Extras - i386

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

Adobe Reader 8.1.7 is vulnerable to critical security flaws and should no longer be used. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)

Adobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader 9 for Linux is not compatible with Red Hat Enterprise Linux 3. An alternative PDF file viewer available in Red Hat Enterprise Linux 3 is xpdf.

This update removes the acroread packages due to their known security vulnerabilities.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547799 - CVE-2009-4324 acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02) 554293 - CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02) 554296 - CVE-2009-3956 acroread: script injection vulnerability (APSB10-02)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0060.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-399 Resource Management Errors
17 % CWE-189 Numeric Errors (CWE/SANS Top 25)
17 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-94 Failure to Control Generation of Code ('Code Injection')
17 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21374
 
Oval ID: oval:org.mitre.oval:def:21374
Title: RHSA-2010:0037: acroread security and bug fix update (Critical)
Description: Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Family: unix Class: patch
Reference(s): RHSA-2010:0037-01
CVE-2009-3953
CVE-2009-3954
CVE-2009-3955
CVE-2009-3956
CVE-2009-3959
CVE-2009-4324
Version: 81
Platform(s): Red Hat Enterprise Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22917
 
Oval ID: oval:org.mitre.oval:def:22917
Title: ELSA-2010:0037: acroread security and bug fix update (Critical)
Description: Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Family: unix Class: patch
Reference(s): ELSA-2010:0037-01
CVE-2009-3953
CVE-2009-3954
CVE-2009-3955
CVE-2009-3956
CVE-2009-3959
CVE-2009-4324
Version: 29
Platform(s): Oracle Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6795
 
Oval ID: oval:org.mitre.oval:def:6795
Title: Adobe Reader and Acrobat Unspecified Code Execution Vulnerability
Description: Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Family: windows Class: vulnerability
Reference(s): CVE-2009-4324
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8242
 
Oval ID: oval:org.mitre.oval:def:8242
Title: Adobe Reader and Acrobat U3D Remote Code Execution Vulnerability
Description: The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3953
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8255
 
Oval ID: oval:org.mitre.oval:def:8255
Title: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3955
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8327
 
Oval ID: oval:org.mitre.oval:def:8327
Title: Adobe Reader and Acrobat Remote Security Bypass Vulnerability
Description: The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3956
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8528
 
Oval ID: oval:org.mitre.oval:def:8528
Title: Adobe Reader and Acrobat DLL Loading in 3D Remote Code Execution Vulnerability
Description: The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3954
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8539
 
Oval ID: oval:org.mitre.oval:def:8539
Title: Adobe Reader and Acrobat U3D Support Remote Code Execution Vulnerability
Description: Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3959
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 129
Application 82

SAINT Exploits

Description Link
Adobe Reader media.newPlayer Use-After-Free Code Execution More info here

ExploitDB Exploits

id Description
2009-12-23 Adobe Reader and Acrobat (CVE-2009-4324) Exploit

OpenVAS Exploits

Date Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201009-05 (acroread)
File : nvt/glsa_201009_05.nasl
2010-01-29 Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-16 Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Jan10 (Win)
File : nvt/gb_adobe_prdts_mult_vuln_jan10_win.nasl
2010-01-16 Name : Adobe Reader Multiple Vulnerabilities -jan10 (Linux)
File : nvt/gb_adobe_reader_mult_vuln_jan10_lin.nasl
2009-12-21 Name : Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
File : nvt/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl
2009-12-21 Name : Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerabil...
File : nvt/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61695 Adobe Reader / Acrobat U3D Implementation Unspecified Overflow

61693 Adobe Reader / Acrobat Enhanced Security Feature Default Configuration Modifi...

61692 Adobe Reader / Acrobat PDF JpxDecode Encoded Jp2c Stream Handling Memory Corr...

61691 Adobe Reader / Acrobat 3D Implementation DLL-loading Unspecified Arbitrary Co...

61690 Adobe Reader / Acrobat U3D Implementation Array Boundary Arbitrary Code Execu...

60980 Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Exec...

Acrobat and Reader contain a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a use-after-free condition in Doc.media.newPlayer when parsing a specially crafted PDF file.

Snort® IPS/IDS

Date Description
2014-12-02 Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt
RuleID : 32358 - Revision : 3 - Type : FILE-PDF
2014-11-16 Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt
RuleID : 31555 - Revision : 4 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28743 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28742 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28741 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28740 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28739 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28738 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28737 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28736 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28735 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28734 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28733 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28732 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28731 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28730 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28729 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 28728 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt
RuleID : 28454 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 23506 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt
RuleID : 23505 - Revision : 6 - Type : FILE-PDF
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt
RuleID : 20429 - Revision : 12 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader script injection vulnerability
RuleID : 19118 - Revision : 15 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader malformed U3D integer overflow
RuleID : 19117 - Revision : 15 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt
RuleID : 18801 - Revision : 12 - Type : FILE-PDF
2014-01-10 Adobe Reader JP2C Region Atom CompNum memory corruption attempt
RuleID : 16370 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt
RuleID : 16334 - Revision : 18 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader media.newPlayer memory corruption attempt
RuleID : 16333 - Revision : 18 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0037.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0038.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0060.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6802.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6803.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6804.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6805.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO
2010-02-02 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-100128.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb10-02.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The PDF file viewer on the remote Windows host is affected by multiple vulner...
File : adobe_reader_apsb10-02.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:53:12
  • Multiple Updates