FreeBSD : acroread uudecoder input validation error (78348ea2-ec91-11d8-b913-000c41e2cdad)

Critical Nessus Plugin ID 14266


The remote FreeBSD host is missing one or more security-related updates.


An iDEFENSE security advisory reports:

Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute arbitrary code.

The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded documents back into their original format. The vulnerability specifically exists in the failure of Acrobat Reader to check for the backtick shell metacharacter in the filename before executing a command with a shell. This allows a maliciously constructed filename to execute arbitrary programs.


Update the affected packages.

Plugin Details

Severity: Critical

ID: 14266

File Name: freebsd_acroread_509.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/08/12

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:acroread, p-cpe:/a:freebsd:freebsd:acroread4, p-cpe:/a:freebsd:freebsd:acroread5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/08/12

Vulnerability Publication Date: 2004/08/12

Reference Information

CVE: CVE-2004-0630