This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200904-17
(Adobe Reader: User-assisted execution of arbitrary code)
Multiple vulnerabilities have been discovered in Adobe Reader:
Alin Rad Pop of Secunia Research reported a heap-based buffer overflow
when processing PDF files containing a malformed JBIG2 symbol
dictionary segment (CVE-2009-0193).
possibly an embedded JBIG2 image stream has been reported
Tenable Network Security reported a stack-based buffer overflow that
can be triggered via a crafted argument to the getIcon() method of a
Collab object (CVE-2009-0927).
Sean Larsson of iDefense Labs reported a heap-based buffer overflow
when processing a PDF file containing a JBIG2 stream with a size
inconsistency related to an unspecified table (CVE-2009-0928).
Jonathan Brossard of the iViZ Security Research Team reported an
unspecified vulnerability related to JBIG2 and input validation
Will Dormann of CERT/CC reported a vulnerability leading to memory
corruption related to JBIG2 (CVE-2009-1062).
A remote attacker could entice a user to open a specially crafted PDF
document, possibly leading to the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.
There is no known workaround at this time.
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.4'
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 36196 (gentoo_GLSA-200904-17.nasl)
Bugtraq ID: 33751, 34169, 34229
CVE ID: CVE-2009-0193, CVE-2009-0658, CVE-2009-0927, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062