[gentoo-announce] [ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code - gentoo-announce

From:	Robert Buchholz <rbu@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code
Date:	Tue, 13 Jan 2009 12:52:37
Message-Id:	`200901131318.43903.rbu@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200901-09

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Adobe Reader: User-assisted execution of arbitrary code

9

      Date: January 13, 2009

10

      Bugs: #225483

11

        ID: 200901-09

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Adobe Reader is vulnerable to execution of arbitrary code.

19

20

Background

21

==========

22

23

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF

24

reader.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package            /  Vulnerable  /                    Unaffected

31

    -------------------------------------------------------------------

32

  1  app-text/acroread       < 8.1.3                          >= 8.1.3

33

34

Description

35

===========

36

37

* An unspecified vulnerability can be triggered by a malformed PDF

38

  document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).

39

40

* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and

41

  Greg MacManus reported a stack-based buffer overflow in the

42

  util.printf JavaScript function that incorrectly handles the format

43

  string argument (CVE-2008-2992).

44

45

* Greg MacManus of iDefense Labs reported an array index error that

46

  can be leveraged for an out-of-bounds write, related to parsing of

47

  Type 1 fonts (CVE-2008-4812).

48

49

* Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day

50

  Initiative, reported multiple unspecified memory corruption

51

  vulnerabilities (CVE-2008-4813).

52

53

* Thomas Garnier of SkyRecon Systems reported an unspecified

54

  vulnerability in a JavaScript method, related to an "input validation

55

  issue" (CVE-2008-4814).

56

57

* Josh Bressers of Red Hat reported an untrusted search path

58

  vulnerability (CVE-2008-4815).

59

60

* Peter Vreugdenhil reported through iDefense that the Download

61

  Manager can trigger a heap corruption via calls to the AcroJS

62

  function (CVE-2008-4817).

63

64

Impact

65

======

66

67

A remote attacker could entice a user to open a specially crafted PDF

68

document, and local attackers could entice a user to run acroread from

69

an untrusted working directory. Both might result in the execution of

70

arbitrary code with the privileges of the user running the application,

71

or a Denial of Service.

72

73

Workaround

74

==========

75

76

There is no known workaround at this time.

77

78

Resolution

79

==========

80

81

All Adobe Reader users should upgrade to the latest version:

82

83

    # emerge --sync

84

    # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"

85

86

References

87

==========

88

89

  [ 1 ] CVE-2008-2549

90

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549

91

  [ 2 ] CVE-2008-2992

92

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992

93

  [ 3 ] CVE-2008-4812

94

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812

95

  [ 4 ] CVE-2008-4813

96

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813

97

  [ 5 ] CVE-2008-4814

98

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814

99

  [ 6 ] CVE-2008-4815

100

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815

101

  [ 7 ] CVE-2008-4817

102

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817

103

104

Availability

105

============

106

107

This GLSA and any updates to it are available for viewing at

108

the Gentoo Security Website:

109

110

  http://security.gentoo.org/glsa/glsa-200901-09.xml

111

112

Concerns?

113

=========

114

115

Security is a primary focus of Gentoo Linux and ensuring the

116

confidentiality and security of our users machines is of utmost

117

importance to us. Any security concerns should be addressed to

118

security@g.o or alternatively, you may file a bug at

119

http://bugs.gentoo.org.

120

121

License

122

=======

123

124

Copyright 2009 Gentoo Foundation, Inc; referenced text

125

belongs to its owner(s).

126

127

The contents of this document are licensed under the

128

Creative Commons - Attribution / Share Alike license.

129

130

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200901-09
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Adobe Reader: User-assisted execution of arbitrary code
9	Date: January 13, 2009
10	Bugs: #225483
11	ID: 200901-09
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Adobe Reader is vulnerable to execution of arbitrary code.
19
20	Background
21	==========
22
23	Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
24	reader.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 app-text/acroread < 8.1.3 >= 8.1.3
33
34	Description
35	===========
36
37	* An unspecified vulnerability can be triggered by a malformed PDF
38	document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
39
40	* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and
41	Greg MacManus reported a stack-based buffer overflow in the
42	util.printf JavaScript function that incorrectly handles the format
43	string argument (CVE-2008-2992).
44
45	* Greg MacManus of iDefense Labs reported an array index error that
46	can be leveraged for an out-of-bounds write, related to parsing of
47	Type 1 fonts (CVE-2008-4812).
48
49	* Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day
50	Initiative, reported multiple unspecified memory corruption
51	vulnerabilities (CVE-2008-4813).
52
53	* Thomas Garnier of SkyRecon Systems reported an unspecified
54	vulnerability in a JavaScript method, related to an "input validation
55	issue" (CVE-2008-4814).
56
57	* Josh Bressers of Red Hat reported an untrusted search path
58	vulnerability (CVE-2008-4815).
59
60	* Peter Vreugdenhil reported through iDefense that the Download
61	Manager can trigger a heap corruption via calls to the AcroJS
62	function (CVE-2008-4817).
63
64	Impact
65	======
66
67	A remote attacker could entice a user to open a specially crafted PDF
68	document, and local attackers could entice a user to run acroread from
69	an untrusted working directory. Both might result in the execution of
70	arbitrary code with the privileges of the user running the application,
71	or a Denial of Service.
72
73	Workaround
74	==========
75
76	There is no known workaround at this time.
77
78	Resolution
79	==========
80
81	All Adobe Reader users should upgrade to the latest version:
82
83	# emerge --sync
84	# emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"
85
86	References
87	==========
88
89	[ 1 ] CVE-2008-2549
90	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549
91	[ 2 ] CVE-2008-2992
92	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992
93	[ 3 ] CVE-2008-4812
94	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812
95	[ 4 ] CVE-2008-4813
96	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813
97	[ 5 ] CVE-2008-4814
98	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814
99	[ 6 ] CVE-2008-4815
100	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815
101	[ 7 ] CVE-2008-4817
102	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817
103
104	Availability
105	============
106
107	This GLSA and any updates to it are available for viewing at
108	the Gentoo Security Website:
109
110	http://security.gentoo.org/glsa/glsa-200901-09.xml
111
112	Concerns?
113	=========
114
115	Security is a primary focus of Gentoo Linux and ensuring the
116	confidentiality and security of our users machines is of utmost
117	importance to us. Any security concerns should be addressed to
118	security@g.o or alternatively, you may file a bug at
119	http://bugs.gentoo.org.
120
121	License
122	=======
123
124	Copyright 2009 Gentoo Foundation, Inc; referenced text
125	belongs to its owner(s).
126
127	The contents of this document are licensed under the
128	Creative Commons - Attribution / Share Alike license.
129
130	http://creativecommons.org/licenses/by-sa/2.5