CVE-2004-0630
CVSS 10.0
Published: 2004-08-18 00:00:00
Last revised: 2008-09-05 16:38:57

[Original] The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.


[CNNVD] Adobe Acrobat Reader shell metacharacter arbitrary command execution vulnerability (CNNVD-200408-193)

        
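Acrobat is a program for viewing and printing Adobe Portable Document Format (PDF) files.
Adobe Acrobat Reader for Unix does not correctly filter user-supplied data; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the process.
Adobe Acrobat Reader 5.0 for Unix automatically attempts to convert uuencoded documents, but during decoding it does not sufficiently filter shell metacharacters. If an attacker constructs a PDF document whose file name contains malicious shell metacharacters, arbitrary commands can be executed on the system with the privileges of the process when uudecoding is performed.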
        

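- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]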

- CPE (affected platforms and products)

cpe:/a:adobe:acrobat_reader:5.0.6  Adobe Acrobat Reader 5.0.6
cpe:/a:adobe:acrobat_reader:5.0.5  Adobe Acrobat Reader 5.0.5
cpe:/a:adobe:acrobat_reader:5.0  Adobe Acrobat Reader 5.0

- OVAL (technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0630
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0630
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-193
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/10931
(VENDOR_ADVISORY)  BID  10931
http://xforce.iss.net/xforce/xfdb/16973
(VENDOR_ADVISORY)  XF  acrobat-reader-execute-code(16973)
http://www.redhat.com/support/errata/RHSA-2004-432.html
(UNKNOWN)  REDHAT  RHSA-2004:432
http://www.adobe.com/support/techdocs/322914.html
(UNKNOWN)  CONFIRM  http://www.adobe.com/support/techdocs/322914.html
http://security.gentoo.org/glsa/glsa-200408-14.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200408-14
http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities
(UNKNOWN)  IDEFENSE  20040812 Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution Vulnerability

- Vulnerability information

Adobe Acrobat Reader shell metacharacter arbitrary command execution vulnerability
Critical  Input validation
2004-08-18 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

Vendor patch:
Adobe
-----
Adobe Acrobat Reader (UNIX) versions 5.09 fixes this vulnerability; users are advised to download and use it:

http://www.adobe.com/products/acrobat/readstep2.html

- Vulnerability information (F34042)

iDEFENSE Security Advisory 2004-08-12.t (PacketStormID:F34042)
2004-08-13 00:00:00
iDefense Labs,Greg MacManus  idefense.com
advisory,remote,arbitrary,shell
linux,unix
CVE-2004-0630

iDEFENSE Security Advisory 08.12.04: Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded documents back into their original format. The vulnerability specifically exists in the failure of Acrobat Reader to check for the backtick shell metacharacter in the filename before executing a command with a shell. This allows a maliciously constructed filename to execute arbitrary programs.

Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution
Vulnerability

iDEFENSE Security Advisory 08.12.04:

*I. BACKGROUND*

Adobe Acrobat Reader is a program for viewing Portable Document Format
(PDF) documents. Uuencoding is a scheme that converts 8 bit data into a
6 bit format, suitable for transmission via e-mail.

*II. DESCRIPTION*

Remote exploitation of an input validation error in the uudecoding
feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute
arbitrary code.

The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically
attempt to convert uuencoded documents back into their original format.
The vulnerability specifically exists in the failure of Acrobat Reader
to check for the backtick shell metacharacter in the filename before
executing a command with a shell. This allows a maliciously constructed
filename to execute arbitrary programs.

*III. ANALYSIS*

Successful exploitation allows attackers to execute arbitrary code under
the privileges of the user who opened the malicious document with a
vulnerable version of Adobe Acrobat Reader. PDF documents are frequently
exchanged via e-mail, which in combination with a social engineering attack
allows attackers to remotely exploit this vulnerability.

*IV. DETECTION*

Adobe Acrobat Reader (Unix) versions 5.05 and 5.06 have been confirmed
vulnerable; earlier versions that call the uudecode utility are also
thought to be vulnerable.

*V. WORKAROUNDS*

Users must be wary when opening attachments from untrusted sources
whether they are executable or not. As the Windows version of Acrobat
Reader is not vulnerable to the described vulnerability it can be safely
used to open PDF documents suspected to be maliciously designed to
exploit this issue.

*VI. VENDOR RESPONSE*

iDEFENSE brought this vulnerability to the attention of the vendor
according to the publicized timeline. However, the vendor appears to
have silently fixed this vulnerability without coordinating public
disclosure of the issue. Moreover, the vendor does not appear to have
publicly posted details of the security fix to inform clients of the
risks posed by unpatched versions of the software. While it is not clear
exactly when the vulnerability was patched, iDEFENSE has tested Adobe
Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this
vulnerability.

*VII. CVE INFORMATION*

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2004-0630 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

*VIII. DISCLOSURE TIMELINE*

03/30/2004   Initial vendor notification
04/05/2004   iDEFENSE clients notified
04/06/2004   Initial vendor response
05/19/2004   Date stamp on patched binary
08/12/2004   Public disclosure

*IX. CREDIT*

Greg MacManus (iDEFENSE Labs) is credited with this discovery.


*X. LEGAL NOTICES*

Copyright     

- Vulnerability information

8654
Adobe Acrobat UUEncode Shell Metacharacter Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability description

Acrobat Reader contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when Acrobat Reader tries to convert uuencoded documents into their original format. When doing so, it does not check for the backtick shell metacharacter in the filename before executing a shell command when the document is opened. By exploiting this flaw, an attacker could construct a file with a name that would execute arbitrary commands, resulting in a loss of integrity.

- Timeline

2004-08-12 2004-03-30
Unknown 2004-05-19

- Solution

Upgrade to Acrobat Reader (UNIX) version 5.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Adobe Acrobat Reader Shell Metacharacter Remote Arbitrary Code Execution Vulnerability
Input Validation Error 10931
Yes No
2004-08-12 12:00:00 2009-07-12 06:16:00
Discovery is credited to Greg MacManus (iDEFENSE Labs).

- Affected program versions

S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
Adobe Acrobat Reader (UNIX) 5.0 6
Adobe Acrobat Reader (UNIX) 5.0 5
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Debian Linux 2.2
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- RedHat Linux 7.3
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 8.0
- S.u.S.E. Linux 7.1
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Adobe Acrobat Reader (UNIX) 5.0
Adobe Acrobat Reader (UNIX) 5.0.9
+ Gentoo Linux
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Desktop 1.0
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7

- Unaffected program versions

Adobe Acrobat Reader (UNIX) 5.0.9
+ Gentoo Linux
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Desktop 1.0
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7

- Vulnerability discussion

A remote code execution vulnerability is identified in Adobe Acrobat Reader. This issue may allow an attacker to gain unauthorized access to a vulnerable computer.

Acrobat Reader is affected by a shell metacharacter command execution vulnerability. This issue exists due to insufficient sanitization of user-supplied data by Acrobat Reader for Unix and Linux platforms. Successful exploitation can allow an attacker to use a specially crafted file name to execute arbitrary commands and applications through the shell.

Adobe Acrobat Reader version 5.0 for Unix and Linux platforms is reported vulnerable to this issue. Acrobat Reader for Microsoft Windows platforms is not affected by this issue.
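
The pattern behind this issue, shown as an added example (not code from Adobe, iDEFENSE or SecurityFocus): a file name pasted into a command string is parsed by the shell, while the same name passed as a separate argument is not. The sample name, the function names and the use of printf in place of the external decoder are assumptions made for illustration; the page does not show Acrobat Reader's actual command line.

```sh
#!/bin/sh
# Constructed sample: a file name carrying a backtick command substitution.
# The embedded command only prints a marker string.
SAMPLE_NAME='report`echo MARKER`.pdf'

# Weak pattern (assumed for illustration): the name is pasted into a command
# string that a shell then parses, so the backticks are evaluated.
# printf stands in for the external decoder; nothing is decoded here.
decode_via_shell_string() {
    sh -c "printf '%s\n' $1"
}

# Corrected pattern: the name travels as a separate argument and is only
# referenced as "$1" inside the child, so no shell parses its contents.
decode_via_argv() {
    sh -c 'printf "%s\n" "$1"' decoder "$1"
}

# Defence in depth: accept only names built from a conservative allow-list
# (letters, digits, dot, underscore, hyphen) that do not start with a hyphen.
name_is_safe() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stand-alone demonstration on the constructed sample.
echo "shell string: $(decode_via_shell_string "$SAMPLE_NAME")"
echo "argv:         $(decode_via_argv "$SAMPLE_NAME")"
if name_is_safe "$SAMPLE_NAME"; then
    echo "allow-list:   accepted"
else
    echo "allow-list:   rejected"
fi
```

The first function shows the marker command's output spliced into the name, the second returns the name byte for byte, and the allow-list rejects the sample before any command is built.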

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

It is reported that Acrobat Reader (UNIX) version 5.0.9 is not vulnerable to this issue. This has not been confirmed at the moment.

SuSE has released advisory (SUSE-SA:2004:028), in the addendum of this advisory it is announced that an acroread fix to address this and other vulnerabilities is available on the SuSE updates FTP server:
ftp://ftp.suse.com

Gentoo has released an advisory (GLSA 200408-14) to address multiple issues in Adobe Acrobat Reader. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge sync
emerge -pv ">=app-text/acroread-5.09"
emerge ">=app-text/acroread-5.09"

RedHat has released an advisory (RHSA-2004:432-08) to address Acrobat Reader issues in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.


