Bug#: 98101
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>
Description:   Opened: 2005-07-06 03:31 0000
CVE ID: CAN-2005-1625



Remote exploitation of a buffer overflow in Adobe Acrobat Reader for
Unix could allow an attacker to execute arbitrary code.

The vulnerability specifically exists in the function
UnixAppOpenFilePerform(). This routine is called by Acrobat Reader while
opening a document containing a /Filespec tag. Within this routine,
sprintf is used to copy user-supplied data into a fixed-sized stack
buffer. This leads to a stack-based overflow and the execution of
arbitrary code. The following demonstrates what the overflow looks like
in a debugger:

#0  0x41414141 in ?? ()
(gdb) i r ebx
ebx            0xbfffef54       -1073746092
(gdb) x/x 0xbfffef54
0xbfffef54:     0x40404040
(gdb) 

As shown, EIP is easily controllable; ebx also points to the 4 bytes
before the EIP overwrite in a controlled buffer. This allows remote
exploitation without having to know stack addresses, as an attacker can
craft an exploit to return to a jmp ebx or call ebx instruction.


Successful exploitation allows an attacker to execute arbitrary code
under the privileges of the local user. Remote exploitation is possible
via e-mail attachment or link to the maliciously crafted PDF document.
The impact of this vulnerability is lessened by the fact that two error
messages appear before exploitation is successful; however, closing
these windows does not prevent exploitation from occurring.

http://www.idefense.com/application/poi/display?id=279&type=vulnerabilities&flashstatus=true



Recommendations:

Do one of the following:

-- If you use Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris, download Adobe Reader 7.0 at www.adobe.com/products/acrobat/readstep2.html.

-- If you use Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX, download Adobe Reader 5.0.11 at www.adobe.com/products/acrobat/readstep2.html.

http://www.adobe.com/support/techdocs/329083.html
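The sprintf-into-fixed-buffer pattern the advisory describes, as an added C illustration that is neither Adobe's code nor the actual UnixAppOpenFilePerform() routine; the `file://%s` format, FILESPEC_BUF and all function names are assumptions made for the example. It puts the reviewer's check (how many bytes the unchecked write would need) next to the bounded form that rejects an over-long /Filespec value instead of truncating it or overflowing.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed buffer size, standing in for the advisory's "fixed-sized
 * stack buffer"; the real size is not given on the page. */
#define FILESPEC_BUF 64

/* Bug class: sprintf() writes the whole formatted string regardless of the
 * destination size.  This reports how many bytes that unchecked write would
 * need, so a reviewer can see when an attacker-controlled /Filespec value
 * would run past a buffer of `bufsize` bytes. */
size_t filespec_needed_len(const char *spec)
{
    int n = snprintf(NULL, 0, "file://%s", spec); /* measure, do not write */
    return n < 0 ? 0 : (size_t)n + 1;             /* include the NUL */
}

bool filespec_would_overflow(const char *spec, size_t bufsize)
{
    return filespec_needed_len(spec) > bufsize;
}

/* Hardened form: bounded write plus an explicit truncation check.  On
 * failure the buffer is cleared so no half-written path can be used. */
bool format_filespec(char *out, size_t outsize, const char *spec)
{
    int n = snprintf(out, outsize, "file://%s", spec);
    if (n < 0 || (size_t)n >= outsize) {
        if (outsize) out[0] = '\0';
        return false;
    }
    return true;
}

/* Formats into a FILESPEC_BUF-sized local buffer and compares the result. */
bool format_matches(const char *spec, const char *expect)
{
    char buf[FILESPEC_BUF];
    return format_filespec(buf, sizeof buf, spec) && strcmp(buf, expect) == 0;
}
/* Constructed sample value: 199 bytes, far longer than FILESPEC_BUF. */
const char *long_spec(void)
{
    static char s[200];
    memset(s, 'A', sizeof s - 1);
    s[sizeof s - 1] = '\0';
    return s;
}
```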

------- Comment #1 From Heinrich Wendel (RETIRED) 2005-07-06 04:44:28 0000 -------
seems that we have to drop acroread 5 then since there is no 5.11 for linux

------- Comment #2 From Stefan Schweizer 2005-07-06 05:23:45 0000 -------
(In reply to comment #1)
> seems that we have to drop acroread 5 then since there is no 5.11 for linux

Some people need acroread-5 because it can show colors correctly, I don't know if
these will be happy with dropping the ebuild ..
Acroread7 is already stable, so I guess not many gentooers use acroread-5 at the
moment.

------- Comment #3 From Carsten Lohrke 2005-07-06 06:43:01 0000 -------
> Some people need acroread-5 because it can show colors correctly, I don't know if
> these will be happy with dropping the ebuild ..

So what? I don't like Acroread 7 either and had it masked, but that's not a
reason to keep vulnerable software.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-07-08 01:38:26 0000 -------
Yes, it's not like we have much choice here, since Adobe won't release 5.11 on
Linux.

I think we should mask the old Acrobat and issue a GLSA for this.

------- Comment #5 From Stefan Schweizer 2005-07-08 05:01:58 0000 -------
I masked it, now waiting for GLSA.

------- Comment #6 From Matthias Geerdsen 2005-07-11 06:44:14 0000 -------
GLSA 200507-09

thanks everyone
