Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200701-16 ] Adobe Acrobat Reader: Multiple vulnerabilities
Date: Tue, 23 Jan 2007 00:07:01
Message-Id: 20070122235151.GL8994@falco.falcal.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200701-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Acrobat Reader: Multiple vulnerabilities
      Date: January 22, 2007
      Bugs: #159874
        ID: 200701-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
Service, and cross-site scripting attacks.

Background
==========

Adobe Acrobat Reader is a PDF reader released by Adobe.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread        < 7.0.9                         >= 7.0.9

Description
===========

Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code
execution via heap corruption when loading a specially crafted PDF
file.

The browser plugin released with Adobe Acrobat Reader (nppdf.so) does
not properly handle URLs, and crashes if given a URL that is too long.
The plugin does not correctly handle JavaScript, and executes
JavaScript that is given as a GET variable to the URL of a PDF file.
Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX
request parameters following the # character in a URL, allowing for
multiple cross-site scripting vulnerabilities.

Impact
======

An attacker could entice a user to open a specially crafted PDF file
and execute arbitrary code with the rights of the user running Adobe
Acrobat Reader. An attacker could also entice a user to browse to a
specially crafted URL and either crash the Adobe Acrobat Reader browser
plugin, execute arbitrary JavaScript in the context of the user's
browser, or inject arbitrary HTML or JavaScript into the document being
viewed by the user. Note that users who have emerged Adobe Acrobat
Reader with the "nsplugin" USE flag disabled are not vulnerable to
issues with the Adobe Acrobat Reader browser plugin.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Acrobat Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-7.0.9"

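Added example, not part of the advisory or of Portage itself: a Python check that reads Portage's installed-package database and applies the advisory's "< 7.0.9" threshold together with its note about the "nsplugin" USE flag. It assumes the standard /var/db/pkg layout with a per-package USE file; audit_acroread and parse_version are names chosen here, and the version parser is simplified (numeric components plus -rN only).

```python
import re
from pathlib import Path

FIXED = (7, 0, 9)  # first unaffected app-text/acroread version per the GLSA table


def parse_version(pv):
    """Split a version such as '7.0.8-r1' into ((7, 0, 8), 1)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", pv)
    if not m:
        # Suffixes such as _pre or _p are outside this simplified parser.
        raise ValueError(f"unsupported version string: {pv!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def audit_acroread(vdb_root="/var/db/pkg"):
    """Return one finding per app-text/acroread entry under vdb_root."""
    findings = []
    for pkg_dir in sorted(Path(vdb_root, "app-text").glob("acroread-[0-9]*")):
        pv = pkg_dir.name[len("acroread-"):]
        numbers, _revision = parse_version(pv)  # an -rN bump never reaches 7.0.9
        use_file = pkg_dir / "USE"  # USE flags that were enabled at build time
        use = use_file.read_text().split() if use_file.is_file() else []
        vulnerable = numbers < FIXED
        findings.append({
            "version": pv,
            "vulnerable": vulnerable,
            # Per the advisory, the plugin issues apply only with nsplugin on.
            "plugin_exposed": vulnerable and "nsplugin" in use,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_acroread():
        print(finding)
```

A host reporting "vulnerable" with "plugin_exposed" false is still affected by the stand-alone heap corruption issue and needs the upgrade above.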
References
==========

  [ 1 ] CVE-2006-5857
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5857
  [ 2 ] CVE-2007-0044
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044
  [ 3 ] CVE-2007-0045
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045
  [ 4 ] CVE-2007-0046
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0046
  [ 5 ] CVE-2007-0048
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200701-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5