[UNIX] Adobe Acrobat Reader (UNIX) Uudecode Filename Buffer Overflow Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 08/15/04
- Previous message: SecuriTeam: "[NT] Serv-U Local Privilege Escalation Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 15 Aug 2004 14:56:43 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Adobe Acrobat Reader (UNIX) Uudecode Filename Buffer Overflow
Vulnerability
------------------------------------------------------------------------
SUMMARY
" <http://www.adobe.com/products/acrobat/readermain.html> Adobe Reader is
free software that lets you view and print Adobe Portable Document Format
(PDF) files on a variety of devices and operating systems."
The UNIX version of Adobe Reader (previously Acrobat Reader) is vulnerable
to a buffer overflow in its uudecoding routines that enables an attacker
to facilitate code execution on the target machine.
DETAILS
Vulnerable Systems:
* Adobe Reader versions up to 5.0.6 for UNIX, inclusive
Immune Systems:
* Adobe Reader version 5.0.9 for UNIX
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0631>
CAN-2004-0631
Uuencoding is a scheme that converts 8 bit data into a 6-bit format,
suitable for transmission via Email. The UNIX and Linux versions of Adobe
Acrobat Reader automatically attempt to convert uuencoded documents back
into their original format.
The vulnerability specifically exists in that Acrobat Reader fails to
check the length of the filename before copying it into a fixed length
buffer. This allows a maliciously constructed file to cause a buffer
overflow resulting in the execution of arbitrary code.
Successful exploitation allows attackers to execute arbitrary code under
the privileges of the user who opened the malicious document with a
vulnerable version of Adobe Acrobat Reader. PDF documents are frequently
exchanged via Email and in combination with a social engineering attack
allows attackers to remotely exploit this vulnerability.
Vendor Status:
Adobe has been informed of the buffer overflow condition according to the
publicized timeline. However, the vendor appears to have silently fixed
this vulnerability without coordinating public disclosure of the issue.
Moreover, the vendor does not appear to have publicly posted details of
the security fix to inform clients of the risks posed by un-patched
versions of the software.
Since it is hard to tell at which time Adobe released a fixed version,
users are encouraged to upgrade to the latest 5.0.9 version that was
tested and found immune by iDEFENSE.
Disclosure Timeline
* 03/30/2004 Initial vendor notification
* 04/01/2004 iDEFENSE clients notified
* 04/06/2004 Initial vendor response
* 05/19/2004 Date stamp on patched binary
* 08/12/2004 Public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDEFENSE Security Labs.
The original article can be found at:
<http://idefense.com/application/poi/display?id=125&type=vulnerabilities>
http://idefense.com/application/poi/display?id=125&type=vulnerabilities
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] Serv-U Local Privilege Escalation Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [Full-disclosure] iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Lib
... Adobe Reader is a program for viewing Portable Document Format ... Remote exploitation
of an unsafe library path vulnerability in Adobe ... This vulnerability is due to
Adobe Reader using a path for "Security ... (Full-Disclosure) - iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Libary Path Vulnerability
... Adobe Reader is a program for viewing Portable Document Format ... Remote exploitation
of an unsafe library path vulnerability in Adobe ... This vulnerability is due to
Adobe Reader using a path for "Security ... (Bugtraq) - [NT] Adobe Reader Security Provider Unsafe Libary Path Vulnerability
... Get your security news from a reliable source. ... Adobe Reader Security
Provider Unsafe Libary Path Vulnerability ... Provider" libraries that contains the
directory the application was ... (Securiteam) - [UNIX] Adobe Acrobat Reader (UNIX) Shell Metacharacter Code Execution Vulnerability
... Get your security news from a reliable source. ... free software that lets you
view and print Adobe Portable Document Format ... An input validation error in the uudecode
feature of Adobe Acrobat Reader ... As with the uudecode filename buffer overflow vulnerability,
... (Securiteam) - SecurityFocus Microsoft Newsletter #165
... Tenable Security ... distribute, manage, and communicate vulnerability
and intrusion detection ... Microsoft Internet Explorer MHTML Forced File Execution Vuln...
... (Focus-Microsoft)
