Executive Summary
| Summary | |
|---|---|
| Title | Updated acrobat package fixes security issue |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2004:674 | First vendor Publication | 2004-12-23 |
| Vendor | RedHat | Last vendor Modification | 2004-12-23 |
| Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: An updated Adobe Acrobat Reader package that fixes a security issue is now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux LACD 3AS - i386 Red Hat Enterprise Linux LACD 3Desktop - i386 Red Hat Enterprise Linux LACD 3ES - i386 Red Hat Enterprise Linux LACD 3WS - i386 3. Problem description: The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF). iDEFENSE has reported that Adobe Acrobat Reader 5.0.9 contains a buffer overflow when decoding email messages. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1152 to this issue. All users of Acrobat Reader are advised to upgrade to this updated package, which contains Acrobat Reader version 5.0.10 which is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 142829 - CAN-2004-1152 Flaws in Acroread 5.0.9 |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2004-674.html |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-12 (acroread) File : nvt/glsa_200412_12.nasl |
| 2008-09-04 | Name : FreeBSD Ports: acroread, acroread4, acroread5 File : nvt/freebsd_acroread.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 12397 | Adobe Acrobat Reader mailListIsPdf() Function Remote Overflow A remote overflow exists in Adobe Acrobat Reader. The Adobe Acrobat Reader fails to validate the mailListIsPdf() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_28e93883539f11d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
| 2004-12-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-674.nasl - Type : ACT_GATHER_INFO |
| 2004-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-12.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:48:49 |
|
| 2013-05-11 12:22:42 |
|
