SuSE 11 / 11.1 Security Update : acroread (SAT Patch Numbers 2637 / 2641)

High Nessus Plugin ID 50886

Synopsis

The remote SuSE 11 host is missing a security update.

Description

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. The fixed security issues have been tracked as :

- CVE-2010-1297

- CVE-2010-1240

- CVE-2010-1285

- CVE-2010-1295

- CVE-2010-2168

- CVE-2010-2201

- CVE-2010-2202

- CVE-2010-2203

- CVE-2010-2204

- CVE-2010-2205

- CVE-2010-2206

- CVE-2010-2207

- CVE-2010-2208

- CVE-2010-2209

- CVE-2010-2210

- CVE-2010-2211

- CVE-2010-2212

Solution

Apply SAT patch number 2637 / 2641 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=612064

http://support.novell.com/security/cve/CVE-2010-1240.html

http://support.novell.com/security/cve/CVE-2010-1285.html

http://support.novell.com/security/cve/CVE-2010-1295.html

http://support.novell.com/security/cve/CVE-2010-1297.html

http://support.novell.com/security/cve/CVE-2010-2168.html

http://support.novell.com/security/cve/CVE-2010-2201.html

http://support.novell.com/security/cve/CVE-2010-2202.html

http://support.novell.com/security/cve/CVE-2010-2203.html

http://support.novell.com/security/cve/CVE-2010-2204.html

http://support.novell.com/security/cve/CVE-2010-2205.html

http://support.novell.com/security/cve/CVE-2010-2206.html

http://support.novell.com/security/cve/CVE-2010-2207.html

http://support.novell.com/security/cve/CVE-2010-2208.html

http://support.novell.com/security/cve/CVE-2010-2209.html

http://support.novell.com/security/cve/CVE-2010-2210.html

http://support.novell.com/security/cve/CVE-2010-2211.html

http://support.novell.com/security/cve/CVE-2010-2212.html

Plugin Details

Severity: High

ID: 50886

File Name: suse_11_acroread_ja-100702.nasl

Version: Revision: 1.31

Type: local

Agent: unix

Published: 2010/12/02

Updated: 2014/10/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:acroread_ja, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/07/02

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe Flash Player "newfunction" Invalid Pointer Use)

ExploitHub (EH-11-164)

Reference Information

CVE: CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, CVE-2010-2212