RHEL 3 / 4 / 5 : acroread (RHSA-2008:0144)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated acroread packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The Adobe Reader allows users to view and print documents in portable
document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed
PDF files. An attacker could create a malicious PDF file which could
execute arbitrary code if opened by a victim. (CVE-2007-5659,
CVE-2007-5663, CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored
certain requests. A malicious PDF file could cause the browser to
request an unauthorized URL, allowing for a cross-site request forgery
attack. (CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function.
A malicious PDF file could silently trigger non-interactive printing
of the document, causing multiple copies to be printed without the
user's consent. (CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe
Reader. When the information regarding these flaws is made public by
Adobe, it will be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7.
All users of Adobe Reader are, therefore, advised to install these
updated packages. They contain Adobe Reader version 8.1.2, which is
not vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2007-0044.html
https://www.redhat.com/security/data/cve/CVE-2007-5659.html
https://www.redhat.com/security/data/cve/CVE-2007-5663.html
https://www.redhat.com/security/data/cve/CVE-2007-5666.html
https://www.redhat.com/security/data/cve/CVE-2008-0655.html
https://www.redhat.com/security/data/cve/CVE-2008-0667.html
https://www.redhat.com/security/data/cve/CVE-2008-0726.html
http://rhn.redhat.com/errata/RHSA-2008-0144.html

Solution :

Update the affected acroread and / or acroread-plugin packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 40715

CVE ID: CVE-2007-0044
CVE-2007-5659
CVE-2007-5663
CVE-2007-5666
CVE-2008-0655
CVE-2008-0667
CVE-2008-0726