CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#253024

Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()

Overview

A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code.

I. Description

Adobe Acrobat Reader is an application that allows users to view PDF (Portable Document Format) files. Acrobat Reader for UNIX (Linux, Sun Solaris SPARC, IBM AIX, or HP-UX) contains a buffer overflow in the mailListIsPdf() function. This function determines if the specified input file is an email message containing a PDF attachment. When parsing the email message, this function unsafely copies user-supplied data to a fixed size buffer.

II. Impact

An attacker could execute arbitrary code with privileges of the local user. Remote exploitation could be possible by attaching a specially crafted PDF to an email message.

III. Solution

Upgrade Acrobat Reader

This issue is resolved in Acrobat Reader 5.0.10 for UNIX.

Patch acroread shell script

The iDEFENSE Security Advisory 12.14.04 contains an unofficial patch for the acroread shell script. According to the advisory, this patch verifies that the files passed to the Acrobat Reader application are PDF documents.

Systems Affected

VendorStatusDate Updated
Adobe Systems IncorporatedVulnerable15-Dec-2004
Apple Computer Inc.Not Vulnerable24-Feb-2005
ConectivaUnknown5-Jan-2005
Cray Inc.Unknown5-Jan-2005
DebianNot Vulnerable5-Jan-2005
EMC CorporationUnknown5-Jan-2005
EngardeUnknown5-Jan-2005
F5 NetworksUnknown5-Jan-2005
FreeBSDVulnerable6-Jan-2005
FujitsuUnknown5-Jan-2005
GentooVulnerable6-Jan-2005
Hewlett-Packard CompanyUnknown5-Jan-2005
HitachiNot Vulnerable18-Jan-2005
IBMUnknown5-Jan-2005
IBM-zSeriesUnknown5-Jan-2005
IBM eServerUnknown5-Jan-2005
ImmunixUnknown5-Jan-2005
Ingrian NetworksUnknown5-Jan-2005
Juniper NetworksUnknown5-Jan-2005
MandrakeSoftUnknown5-Jan-2005
Microsoft CorporationUnknown5-Jan-2005
MontaVista SoftwareUnknown5-Jan-2005
NEC CorporationNot Vulnerable9-Mar-2005
NETBSDUnknown5-Jan-2005
NokiaUnknown5-Jan-2005
NovellUnknown5-Jan-2005
OpenBSDUnknown5-Jan-2005
Openwall GNU/*/LinuxUnknown5-Jan-2005
RedhatVulnerable6-Jan-2005
SCOUnknown5-Jan-2005
SequentUnknown5-Jan-2005
SGIUnknown5-Jan-2005
Sony CorporationUnknown5-Jan-2005
Sun Microsystems Inc.Unknown5-Jan-2005
SuSE Inc.Vulnerable6-Jan-2005
TurboLinuxUnknown5-Jan-2005
UnisysUnknown5-Jan-2005
Wind River Systems Inc.Unknown5-Jan-2005

References


http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities
http://www.adobe.com/support/techdocs/331153.html
http://secunia.com/advisories/13474/

Credit

This vulnerability was reported by Greg MacManus.

This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 12.14.04 .

Other Information

Date Public12/14/2004
Date First Published01/20/2005 05:23:21 PM
Date Last Updated03/09/2005
CERT Advisory 
CVE NameCAN-2004-1152
Metric1.02
Document Revision7

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2005 Carnegie Mellon University