[UNIX] Adobe Acrobat Reader (UNIX) Shell Metacharacter Code Execution Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 08/15/04
- Previous message: SecuriTeam: "[UNIX] Adobe Acrobat Reader (UNIX) Uudecode Filename Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 15 Aug 2004 14:52:21 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Adobe Acrobat Reader (UNIX) Shell Metacharacter Code Execution
Vulnerability
------------------------------------------------------------------------
SUMMARY
" <http://www.adobe.com/products/acrobat/readermain.html> Adobe Reader is
free software that lets you view and print Adobe Portable Document Format
(PDF) files on a variety of devices and operating systems."
An input validation error in the uudecode feature of Adobe Acrobat Reader
allows an attacker to execute arbitrary code.
DETAILS
Vulnerable Systems:
* Adobe Reader versions up to 5.0.6 for Unix, inclusive
Immune Systems:
* Adobe Reader version 5.0.9
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0630>
CAN-2004-0630
Uuencoding is a scheme that converts 8 bit data into a 6-bit format,
suitable for transmission via Email. The Unix and Linux versions of Adobe
Acrobat Reader 5.0 automatically attempt to convert uuencoded documents
back into their original format. The vulnerability specifically exists in
the failure of Acrobat Reader to check for the back tick shell
metacharacter in the filename before executing a command with a shell.
This allows a maliciously constructed filename to execute arbitrary
programs.
Successful exploitation allows attackers to execute arbitrary code under
the privileges of the user who opened the malicious document with a
vulnerable version of Adobe Acrobat Reader.
Vendor Status:
As with the uudecode filename buffer overflow vulnerability, Adobe has
been contacted and have silently fixed this vulnerability without publicly
announcing the vulnerability and alerting potential users of their
software. There are also no details of a security fix so an unsuspecting
user will never know about the potential security compromise. As with the
filename buffer overflow vulnerability, it is unclear when exactly this
issue has been addressed by Adobe. However, users are encouraged to
upgrade to the latest version that is found to be immune.
Disclosure Timeline
* 03/30/2004 Initial vendor notification
* 04/05/2004 iDEFENSE clients notified
* 04/06/2004 Initial vendor response
* 05/19/2004 Date stamp on patched binary
* 08/12/2004 Public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDEFENSE Security Labs.
The original article can be found at:
<http://idefense.com/application/poi/display?id=124&type=vulnerabilities>
http://idefense.com/application/poi/display?id=124&type=vulnerabilities
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] Adobe Acrobat Reader (UNIX) Uudecode Filename Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
