FreeBSD : acroread uudecoder input validation error (78348ea2-ec91-11d8-b913-000c41e2cdad)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

An iDEFENSE security advisory reports :

Remote exploitation of an input validation error in the uudecoding
feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to
execute arbitrary code.

The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically
attempt to convert uuencoded documents back into their original
format. The vulnerability specifically exists in the failure of
Acrobat Reader to check for the backtick shell metacharacter in the
filename before executing a command with a shell. This allows a
maliciously constructed filename to execute arbitrary programs.
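
The failure mode described above, as an added example (not code from Adobe, iDEFENSE or the Nessus plugin): a filename containing a backtick is expanded when it is pasted into a shell command line, but stays literal when passed as a single argv element. The sample filename, the `printf` stand-in for the decoder, and all function names are constructed for illustration.

```python
import re
import subprocess
import sys

# Constructed sample: a filename carrying a harmless backtick substitution.
HOSTILE_NAME = "report`echo INJECTED`.pdf"

# Assumption: the helper only ever needs plain file names, so allowlist those.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,255}")


def is_safe_filename(name):
    """The check the advisory says was missing, written as an allowlist."""
    return bool(SAFE_NAME.fullmatch(name)) and not name.startswith("-")


def run_via_shell(name):
    """Vulnerable pattern: the name is pasted into a shell command line.
    The shell's printf stands in for the decoder (hypothetical stand-in)."""
    cmd = 'printf "%s" "' + name + '"'
    done = subprocess.run(["/bin/sh", "-c", cmd], capture_output=True, text=True)
    return done.stdout


def run_via_argv(name):
    """Hardened pattern: no shell; the name is a single argv element."""
    echo_arg = "import sys; sys.stdout.write(sys.argv[1])"
    done = subprocess.run([sys.executable, "-c", echo_arg, name],
                          capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    print("shell saw :", run_via_shell(HOSTILE_NAME))
    print("argv saw  :", run_via_argv(HOSTILE_NAME))
    print("allowlist :", is_safe_filename(HOSTILE_NAME))
```

Passing an argv list removes the shell from the path entirely; the allowlist is a second layer for names that must later appear in a command line.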

See also :

http://www.nessus.org/u?09112fc9
http://www.nessus.org/u?d919c446

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 14266 (freebsd_acroread_509.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0630
