[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 507/05 - Two Adobe Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 507/05 dated 06.07.05  Time: 14:30  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Adobe Security Advisories:
1. CAN-2005-1841 - Temporary file vulnerability due to Adobe Reader
2. CAN-2005-1625 - Buffer overflow vulnerability in Adobe Reader  

Detail
====== 

1. A vulnerability within Adobe Reader has been identified.  Under special 
circumstances, temporary files with elevated permissions are created when 
PDF documents are opened using Adobe Reader. 

2. A vulnerability within Adobe Reader has been identified.  Under certain 
circumstances, remote exploitation of a buffer overflow in Adobe Reader 
could allow an attacker to execute arbitrary code. 



1.



Advisory Name :   Temporary file vulnerability due to Adobe Reader 

Release Date: July 05, 2005 

Product : Adobe Reader 5.0.9, 5.0.10 

Platform : Linux, Solaris, HP-UX, IBM-AIX 

Vulnerability Identifier : CAN-2005-1841 

Overview :  A vulnerability within Adobe Reader has been identified.  
Under special circumstances, temporary files with elevated permissions 
are created when PDF documents are opened using Adobe Reader. 

Adobe has solutions available that can rectify these issues.  Please 
refer to the 'Recommendations' section for further information. 

Effect : If exploited, this vulnerability could make it possible for 
malicious, local users to view other users' PDF documents. 

Details : The vulnerability is within the Adobe Reader control.  When 
a PDF file is opened using Adobe Reader, randomly generated temporary 
files are created in the temporary folder.  These temporary files could 
have elevated permissions based on the user's umask.  However these 
temporary files are deleted when the actual PDF document is closed. 

The impact is lessened due to the fact that the original PDF file needs 
to have been left open in Adobe Reader for an attacker to have access to 
the temp files. 

Recommendations :  

.         If you use Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris, 
download Adobe Reader 7.0 at http://www.adobe.com/products/acrobat/readstep2.html <http://www.adobe.com/products/acrobat/readstep2.html> 

.         If you use Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX, 
download Adobe Reader 5.0.11 at http://www.adobe.com/products/acrobat/readstep2.html <http://www.adobe.com/products/acrobat/readstep2.html> 

Caveats : None 

Vulnerability Identifier Cross-Reference : CVE ID: CAN-2005-1841 

Acknowledgment: Adobe would like to thank Secunia for reporting the issue. 

Adobe's Security Vulnerability Advisories :  http://www.adobe.com/advisories 

Adobe Disclaimer 

License agreement 

By using software of Adobe Systems Incorporated or its subsidiaries 
("Adobe"); you agree to the following terms and conditions. If you 
do not agree with such terms and conditions; do not use the software. 
The terms of an end user license agreement accompanying a particular 
software file upon installation or download of the software shall 
supersede the terms presented below. 

The export and re-export of Adobe software products are controlled 
by the United States Export Administration Regulations and such 
software may not be exported or re-exported to Cuba; Iran; Iraq; 
Libya; North Korea; Sudan; or Syria or any country to which the 
United States embargoes goods. In addition; Adobe software may not 
be distributed to persons on the Table of Denial Orders; the Entity 
List; or the List of Specially Designated Nationals. 

By downloading or using an Adobe software product you are certifying 
that you are not a national of Cuba; Iran; Iraq; Libya; North Korea; 
Sudan; or Syria or any country to which the United States embargoes 
goods and that you are not a person on the Table of Denial Orders; 
the Entity List; or the List of Specially Designated Nationals. 

If the software is designed for use with an application software 
product (the "Host Application") published by Adobe; Adobe grants 
you a non-exclusive license to use such software with the Host 
Application only; provided you possess a valid license from Adobe 
for the Host Application. Except as set forth below; such software 
is licensed to you subject to the terms and conditions of the End 
User License Agreement from Adobe governing your use of the Host 
Application. 

DISCLAIMER OF WARRANTIES: YOU AGREE THAT ADOBE HAS MADE NO EXPRESS 
WARRANTIES TO YOU REGARDING THE SOFTWARE AND THAT THE SOFTWARE IS 
BEING PROVIDED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE 
DISCLAIMS ALL WARRANTIES WITH REGARD TO THE SOFTWARE; EXPRESS OR 
IMPLIED; INCLUDING; WITHOUT LIMITATION; ANY IMPLIED WARRANTIES OF 
FITNESS FOR A PARTICULAR PURPOSE; MERCHANTABILITY; MERCHANTABLE 
QUALITY OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. Some states or 
jurisdictions do not allow the exclusion of implied warranties; 
so the above limitations may not apply to you. 

LIMIT OF LIABILITY: IN NO EVENT WILL ADOBE BE LIABLE TO YOU FOR 
ANY LOSS OF USE; INTERRUPTION OF BUSINESS; OR ANY DIRECT; INDIRECT; 
SPECIAL; INCIDENTAL; OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING 
LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT; 
TORT (INCLUDING NEGLIGENCE); STRICT PRODUCT LIABILITY OR OTHERWISE; 
EVEN IF ADOBE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
Some states or jurisdictions do not allow the exclusion or limitation 
of incidental or consequential damages; so the above limitation or 
exclusion may not apply to you. 

 <http://advisories.adobe.com/db/40710/3965749/1.gif> 
- --- 


2.


Advisory Name : Buffer overflow vulnerability in Adobe Reader   

Release Date: July 05, 2005 

Product : Adobe Reader 5.0.9, 5.0.10 

Platform : Linux, Solaris, HP-UX, IBM-AIX 

Vulnerability Identifier : CAN-2005-1625 

Overview :  A vulnerability within Adobe Reader has been identified.  
Under certain circumstances, remote exploitation of a buffer overflow 
in Adobe Reader could allow an attacker to execute arbitrary code. 

Adobe has solutions available that can rectify these issues.  Please 
refer to the 'Recommendations' section for further information. 

Effect : If exploited, it could allow the execution of arbitrary code 
under the privileges of the local user. Remote exploitation is possible 
if the malicious PDF document is sent as an email attachment or if the 
PDF document is accessed via a web link. 

Details : The vulnerability is within the Adobe Reader control .  Under 
special circumstances, if a malicious PDF file is opened using Adobe 
Reader, a stack buffer overflow could occur resulting in the execution 
of arbitrary code. 

Recommendations :  

.         If you use Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris, 
download Adobe Reader 7.0 at http://www.adobe.com/products/acrobat/readstep2.html <http://www.adobe.com/products/acrobat/readstep2.html> 

.         If you use Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX, 
download Adobe Reader 5.0.11 at http://www.adobe.com/products/acrobat/readstep2.html <http://www.adobe.com/products/acrobat/readstep2.html> 

Caveats : None 

Vulnerability Identifier Cross-Reference : CVE ID: CAN-2005-1625 

Acknowledgment: Adobe would like to thank iDEFENSE Labs, for reporting the issue. 

Adobe's Security Vulnerability Advisories :  http://www.adobe.com/advisories 

Adobe Disclaimer 

License agreement 

By using software of Adobe Systems Incorporated or its subsidiaries 
("Adobe"); you agree to the following terms and conditions. If you 
do not agree with such terms and conditions; do not use the software. 
The terms of an end user license agreement accompanying a particular 
software file upon installation or download of the software shall 
supersede the terms presented below. 

The export and re-export of Adobe software products are controlled 
by the United States Export Administration Regulations and such 
software may not be exported or re-exported to Cuba; Iran; Iraq; 
Libya; North Korea; Sudan; or Syria or any country to which the 
United States embargoes goods. In addition; Adobe software may not 
be distributed to persons on the Table of Denial Orders; the Entity 
List; or the List of Specially Designated Nationals. 

By downloading or using an Adobe software product you are certifying 
that you are not a national of Cuba; Iran; Iraq; Libya; North Korea; 
Sudan; or Syria or any country to which the United States embargoes 
goods and that you are not a person on the Table of Denial Orders; 
the Entity List; or the List of Specially Designated Nationals. 

If the software is designed for use with an application software 
product (the "Host Application") published by Adobe; Adobe grants 
you a non-exclusive license to use such software with the Host 
Application only; provided you possess a valid license from Adobe 
for the Host Application. Except as set forth below; such software 
is licensed to you subject to the terms and conditions of the End 
User License Agreement from Adobe governing your use of the Host 
Application. 

DISCLAIMER OF WARRANTIES: YOU AGREE THAT ADOBE HAS MADE NO EXPRESS 
WARRANTIES TO YOU REGARDING THE SOFTWARE AND THAT THE SOFTWARE IS 
BEING PROVIDED TO YOU "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE 
DISCLAIMS ALL WARRANTIES WITH REGARD TO THE SOFTWARE; EXPRESS OR 
IMPLIED; INCLUDING; WITHOUT LIMITATION; ANY IMPLIED WARRANTIES OF 
FITNESS FOR A PARTICULAR PURPOSE; MERCHANTABILITY; MERCHANTABLE 
QUALITY OR NONINFRINGEMENT OF THIRD PARTY RIGHTS. Some states or 
jurisdictions do not allow the exclusion of implied warranties; 
so the above limitations may not apply to you. 

LIMIT OF LIABILITY: IN NO EVENT WILL ADOBE BE LIABLE TO YOU FOR 
ANY LOSS OF USE; INTERRUPTION OF BUSINESS; OR ANY DIRECT; INDIRECT; 
SPECIAL; INCIDENTAL; OR CONSEQUENTIAL DAMAGES OF ANY KIND 
(INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER 
IN CONTRACT; TORT (INCLUDING NEGLIGENCE); STRICT PRODUCT LIABILITY 
OR OTHERWISE; EVEN IF ADOBE HAS BEEN ADVISED OF THE POSSIBILITY OF 
SUCH DAMAGES. Some states or jurisdictions do not allow the exclusion 
or limitation of incidental or consequential damages; so the above 
limitation or exclusion may not apply to you. 

 <http://advisories.adobe.com/db/40717/3965749/1.gif> 
- ---



 
- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Adobe for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQsvb5Ypao72zK539AQHBTgP+Ne5Rqh9c0eboRalYBMnekF03lwXn8L6F
FXQmR1VksMOW4s8oblXfLbE8lX4Gg2qoaLjpAm0kZDx1x2He/90b789kO2P/Yu4O
uC8JirLteC3fBzEYL8tLxcWGa/CN11RbQpVyE7/y4egj5RvuuYk0QzIEMJsUWgGj
mho7usEbUJU=
=Ip7R
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________