Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61812
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0974
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0974.

Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)

All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0974.html

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2549
BugTraq ID: 29420
http://www.securityfocus.com/bid/29420
Cert/CC Advisory: TA08-309A
http://www.us-cert.gov/cas/techalerts/TA08-309A.html
https://www.exploit-db.com/exploits/5687
http://www.redhat.com/support/errata/RHSA-2008-0974.html
http://www.securitytracker.com/id?1021140
http://secunia.com/advisories/32700
http://secunia.com/advisories/32872
http://secunia.com/advisories/35163
http://download.oracle.com/sunalerts/1019937.1.html
SuSE Security Announcement: SUSE-SR:2008:026 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://www.vupen.com/english/advisories/2008/3001
http://www.vupen.com/english/advisories/2009/0098
XForce ISS Database: acrobatreader-pdf-dos(42886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42886
Common Vulnerability Exposure (CVE) ID: CVE-2008-2992
BugTraq ID: 30035
http://www.securityfocus.com/bid/30035
BugTraq ID: 32091
http://www.securityfocus.com/bid/32091
Bugtraq: 20081104 CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/498032/100/0/threaded
Bugtraq: 20081104 Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/498027/100/0/threaded
Bugtraq: 20081104 ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498055/100/0/threaded
CERT/CC vulnerability note: VU#593409
http://www.kb.cert.org/vuls/id/593409
https://www.exploit-db.com/exploits/6994
https://www.exploit-db.com/exploits/7006
http://secunia.com/secunia_research/2008-14/
http://www.coresecurity.com/content/adobe-reader-buffer-overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-072/
http://osvdb.org/49520
http://secunia.com/advisories/29773
http://securityreason.com/securityalert/4549
Common Vulnerability Exposure (CVE) ID: CVE-2008-4812
BugTraq ID: 32100
http://www.securityfocus.com/bid/32100
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
XForce ISS Database: adobe-acrobatreader-type1font-code-execution(46332)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46332
Common Vulnerability Exposure (CVE) ID: CVE-2008-4813
Bugtraq: 20081104 ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498056/100/0/threaded
Bugtraq: 20081104 ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/498057/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-073/
http://www.zerodayinitiative.com/advisories/ZDI-08-074/
http://securityreason.com/securityalert/4564
XForce ISS Database: adobe-acrobatreader-collab-code-execution(46344)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46344
XForce ISS Database: adobe-acrobatreader-object-code-execution(46333)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46333
Common Vulnerability Exposure (CVE) ID: CVE-2008-4814
http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124
XForce ISS Database: adobe-javascript-code-execution1(46334)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46334
Common Vulnerability Exposure (CVE) ID: CVE-2008-4815
https://bugzilla.redhat.com/show_bug.cgi?id=469882
XForce ISS Database: adobe-acrobat-reader-priv-escalation(46335)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46335
Common Vulnerability Exposure (CVE) ID: CVE-2008-4817
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756
http://osvdb.org/49541
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.