Test ID:	1.3.6.1.4.1.25623.1.0.61812
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0974
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0974. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817) The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815) All acroread users are advised to upgrade to these updated packages, that contain Adobe Reader version 8.1.3, and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0974.html Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2549 BugTraq ID: 29420 http://www.securityfocus.com/bid/29420 Cert/CC Advisory: TA08-309A http://www.us-cert.gov/cas/techalerts/TA08-309A.html https://www.exploit-db.com/exploits/5687 http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securitytracker.com/id?1021140 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://download.oracle.com/sunalerts/1019937.1.html SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://www.vupen.com/english/advisories/2008/3001 http://www.vupen.com/english/advisories/2009/0098 XForce ISS Database: acrobatreader-pdf-dos(42886) https://exchange.xforce.ibmcloud.com/vulnerabilities/42886 Common Vulnerability Exposure (CVE) ID: CVE-2008-2992 BugTraq ID: 30035 http://www.securityfocus.com/bid/30035 BugTraq ID: 32091 http://www.securityfocus.com/bid/32091 Bugtraq: 20081104 CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/498032/100/0/threaded Bugtraq: 20081104 Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/498027/100/0/threaded Bugtraq: 20081104 ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498055/100/0/threaded CERT/CC vulnerability note: VU#593409 http://www.kb.cert.org/vuls/id/593409 https://www.exploit-db.com/exploits/6994 https://www.exploit-db.com/exploits/7006 http://secunia.com/secunia_research/2008-14/ http://www.coresecurity.com/content/adobe-reader-buffer-overflow http://www.zerodayinitiative.com/advisories/ZDI-08-072/ http://osvdb.org/49520 http://secunia.com/advisories/29773 http://securityreason.com/securityalert/4549 Common Vulnerability Exposure (CVE) ID: CVE-2008-4812 BugTraq ID: 32100 http://www.securityfocus.com/bid/32100 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755 XForce ISS Database: adobe-acrobatreader-type1font-code-execution(46332) https://exchange.xforce.ibmcloud.com/vulnerabilities/46332 Common Vulnerability Exposure (CVE) ID: CVE-2008-4813 Bugtraq: 20081104 ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498056/100/0/threaded Bugtraq: 20081104 ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498057/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-073/ http://www.zerodayinitiative.com/advisories/ZDI-08-074/ http://securityreason.com/securityalert/4564 XForce ISS Database: adobe-acrobatreader-collab-code-execution(46344) https://exchange.xforce.ibmcloud.com/vulnerabilities/46344 XForce ISS Database: adobe-acrobatreader-object-code-execution(46333) https://exchange.xforce.ibmcloud.com/vulnerabilities/46333 Common Vulnerability Exposure (CVE) ID: CVE-2008-4814 http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124 XForce ISS Database: adobe-javascript-code-execution1(46334) https://exchange.xforce.ibmcloud.com/vulnerabilities/46334 Common Vulnerability Exposure (CVE) ID: CVE-2008-4815 https://bugzilla.redhat.com/show_bug.cgi?id=469882 XForce ISS Database: adobe-acrobat-reader-priv-escalation(46335) https://exchange.xforce.ibmcloud.com/vulnerabilities/46335 Common Vulnerability Exposure (CVE) ID: CVE-2008-4817 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756 http://osvdb.org/49541
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.