Bug 87935

Summary:	app-text/acroread: Local Files Detection Weakness
Product:	Gentoo Security	Reporter:	Luke Macken (RETIRED) <lewk>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	trivial	CC:	genstef, printing
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0035
Whiteboard:	~4 [ebuild] lewk
Package list:		Runtime testing required:	---

Description Luke Macken (RETIRED) gentoo-dev

2005-04-04 11:01:27 UTC

TITLE:
Adobe Reader Local Files Detection Weakness

SECUNIA ADVISORY ID:
SA14813

VERIFY ADVISORY:
http://secunia.com/advisories/14813/

CRITICAL:
Not critical

IMPACT:
Exposure of system information

WHERE:
>From remote

SOFTWARE:
Adobe Reader 7.x
http://secunia.com/product/4546/

DESCRIPTION:
NISCC has reported a weakness in Adobe Reader, which can be exploited
by malicious people to enumerate files on a user's system.

The problem is caused due to an error in the "LoadFile()" method
making it possible to determine if a queried local file exists.

The weakness has been reported in version 7.0 and prior.

SOLUTION:
Update to version 7.0.1.

PROVIDED AND/OR DISCOVERED BY:
NISCC

ORIGINAL ADVISORY:
NISCC:
http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf

Comment 1 Luke Macken (RETIRED) gentoo-dev

2005-04-04 11:03:18 UTC

printing, please verify/advise/bump.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-04-08 06:52:45 UTC

Adding recent bumper, since herd is dead

genstef: you added 7.0, please bump to 7.0.1

Comment 3 Luke Macken (RETIRED) gentoo-dev

2005-04-08 11:24:51 UTC

This is a Windows only issue, which the original email did not state.

*shakes his fist at secunia*