CVE-2004-0631
CVSS 10.0
Published: 2004-08-18 00:00:00
Last revised: 2008-09-05 16:38:57

[Original] Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.


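[CNNVD] Adobe Acrobat Reader for Unix UUDecode Buffer Overflow Vulnerability (CNNVD-200408-179)

Acrobat is a program for viewing and printing Adobe Portable Document Format (PDF) files.
The uudecode feature of Adobe Acrobat Reader 5.0 for Unix is implemented incorrectly. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack and possibly execute arbitrary instructions with the privileges of the process.
Adobe Acrobat Reader 5.0 for Unix automatically attempts to convert UUENCODE-encoded documents. Because the filename is copied directly into a fixed-size buffer without an adequate bounds check on its length, a buffer overflow can be triggered. A carefully crafted malicious document that a user is induced to open may execute arbitrary instructions with the privileges of the process.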

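- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]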

- CPE (Affected Platforms and Products)

cpe:/a:adobe:acrobat_reader:5.0.6    Adobe Acrobat Reader 5.0.6
cpe:/a:adobe:acrobat_reader:5.0.5    Adobe Acrobat Reader 5.0.5
cpe:/a:adobe:acrobat_reader:5.0      Adobe Acrobat Reader 5.0

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0631
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0631
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-179
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/16972
(VENDOR_ADVISORY)  XF  adobe-acrobat-uudecode-bo(16972)
http://www.securityfocus.com/bid/10932
(VENDOR_ADVISORY)  BID  10932
http://www.redhat.com/support/errata/RHSA-2004-432.html
(UNKNOWN)  REDHAT  RHSA-2004:432
http://www.adobe.com/support/techdocs/322914.html
(UNKNOWN)  CONFIRM  http://www.adobe.com/support/techdocs/322914.html
http://security.gentoo.org/glsa/glsa-200408-14.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200408-14
http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities
(UNKNOWN)  IDEFENSE  20040812 Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability

- Vulnerability Information

Adobe Acrobat Reader for Unix UUDecode Buffer Overflow Vulnerability
Critical    Boundary condition error
2004-08-18 00:00:00 2005-10-20 00:00:00
Remote / Local
        
        

- Advisories and Patches

        Vendor patch:
        Adobe
        -----
        Adobe Acrobat Reader (UNIX) version 5.09 has fixed this vulnerability; users are advised to download and use it:
        
        http://www.adobe.com

- Vulnerability Information (F34043)

iDEFENSE Security Advisory 2004-08-12.2 (PacketStormID:F34043)
2004-08-13 00:00:00
iDefense Labs  idefense.com
advisory,remote,overflow,arbitrary
linux,unix
CVE-2004-0631

iDEFENSE Security Advisory 08.12.04-2: Remote exploitation of a buffer overflow in the uudecoding feature of Adobe Acrobat Reader 5.0 for Unix allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded documents back into their original format. The vulnerability specifically exists in that Acrobat Reader fails to check the length of the filename before copying it into a fixed length buffer. This allows a maliciously constructed file to cause a buffer overflow resulting in the execution of arbitrary code.

Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow
Vulnerability

iDEFENSE Security Advisory 08.12.04:

*I. BACKGROUND*

Adobe Acrobat Reader is a program for viewing Portable Document Format
(PDF) documents. Uuencoding is a scheme that converts 8 bit data into a
6 bit format, suitable for transmission via e-mail.

*II. DESCRIPTION*

Remote exploitation of a buffer overflow in the uudecoding feature of
Adobe Acrobat Reader 5.0 for Unix allows an attacker to execute
arbitrary code.

The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically
attempt to convert uuencoded documents back into their original format.
The vulnerability specifically exists in that Acrobat Reader fails to
check the length of the filename before copying it into a fixed length
buffer. This allows a maliciously constructed file to cause a buffer
overflow resulting in the execution of arbitrary code.

*III. ANALYSIS*

Successful exploitation allows attackers to execute arbitrary code under
the privileges of the user who opened the malicious document with a
vulnerable version of Adobe Acrobat Reader. PDF documents are frequently
exchanged via e-mail and in combination with a social engineering attack
allows attackers to remotely exploit this vulnerability.

*IV. DETECTION*

Adobe Acrobat Reader (UNIX) versions 5.05 and 5.06 have been confirmed
vulnerable; earlier versions that call the uudecode utility are also
thought to be vulnerable.

*V. WORKAROUNDS*

Users must be wary when opening attachments from untrusted sources
whether they are executable or not. As the Windows version of Acrobat
Reader is not vulnerable to the described vulnerability it can be safely
used to open PDF documents suspected to be maliciously designed to
exploit this issue.

*VI. VENDOR RESPONSE*

iDEFENSE brought this vulnerability to the attention of the vendor
according to the publicized timeline. However, the vendor appears to
have silently fixed this vulnerability without coordinating public
disclosure of the issue. Moreover, the vendor does not appear to have
publicly posted details of the security fix to inform clients of the
risks posed by unpatched versions of the software. While it is not clear
exactly when the vulnerability was patched, iDEFENSE has tested Adobe
Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this
vulnerability.

*VII. CVE INFORMATION*

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2004-0631 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

*VIII. DISCLOSURE TIMELINE*

03/30/2004   Initial vendor notification
04/01/2004   iDEFENSE clients notified
04/06/2004   Initial vendor response
05/19/2004   Date stamp on patched binary
08/12/2004   Public disclosure

*IX. CREDIT*

The discoverer wishes to remain anonymous.


*X. LEGAL NOTICES*

Copyright     

- Vulnerability Information

8655
Adobe Acrobat UUDecode File Name Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability Description

Adobe Acrobat Reader contains an input validation error within the "uudecoding" feature. The program fails to check the length of filenames before copying them into a fixed length buffer. This lack of input validation will allow a maliciously constructed file to trigger a buffer overflow allowing arbitrary code execution.
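
The missing length check described above, written out as an added example; this is not Adobe's code, which the page does not show. The buffer size `NAME_BUF_SIZE` and the names `copy_filename` and `name_status` are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size: the page does not give the real buffer length. */
#define NAME_BUF_SIZE 64

enum name_status { NAME_OK = 0, NAME_TOO_LONG, NAME_EMPTY, NAME_BAD_ARG };

/*
 * Copy an untrusted filename of at most src_len bytes into dst.
 * The flawed pattern the advisories describe is an unchecked copy such as
 * strcpy(dst, src), which writes past dst when the name is too long.
 * Here the length is measured first, and an over-long name is rejected
 * rather than truncated (a truncated name could refer to another file).
 */
enum name_status copy_filename(char *dst, size_t dst_size,
                               const char *src, size_t src_len)
{
    const char *nul;
    size_t len;

    if (dst == NULL || dst_size == 0 || src == NULL)
        return NAME_BAD_ARG;
    dst[0] = '\0';                 /* dst is a valid string on every path */

    /* src may lack a terminator: never scan beyond src_len bytes. */
    nul = memchr(src, '\0', src_len);
    len = nul ? (size_t)(nul - src) : src_len;

    if (len == 0)
        return NAME_EMPTY;
    if (len >= dst_size)           /* one byte is reserved for the NUL */
        return NAME_TOO_LONG;

    memcpy(dst, src, len);
    dst[len] = '\0';
    return NAME_OK;
}

int main(void)
{
    char buf[NAME_BUF_SIZE];
    char longname[200];            /* constructed sample, no terminator */

    memset(longname, 'A', sizeof longname);
    printf("%d\n", copy_filename(buf, sizeof buf, "report.pdf", 11));
    printf("%d\n", copy_filename(buf, sizeof buf, longname, sizeof longname));
    return 0;
}
```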

- Timeline

2004-08-12 Unknown
Unknown 2004-05-19

- Solution

Upgrade to version 5.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Adobe Acrobat Reader For Unix UUDecode Buffer Overflow Vulnerability
Boundary Condition Error 10932
Yes Yes
2004-08-12 12:00:00 2009-07-12 06:16:00
The person who disclosed this vulnerability wishes to remain anonymous.

- Affected Software Versions

S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
Adobe Acrobat Reader (UNIX) 5.0 6
Adobe Acrobat Reader (UNIX) 5.0 5
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Debian Linux 2.2
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- RedHat Linux 7.3
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 8.0
- S.u.S.E. Linux 7.1
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Adobe Acrobat Reader (UNIX) 5.0
Adobe Acrobat Reader (UNIX) 5.0.9
+ Gentoo Linux
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Desktop 1.0
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7

- Unaffected Software Versions

Adobe Acrobat Reader (UNIX) 5.0.9
+ Gentoo Linux
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Desktop 1.0
+ S.u.S.E. Linux Enterprise Server 9
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7

- Vulnerability Discussion

Acrobat Reader for Unix is reported to be susceptible to a buffer overflow vulnerability when handling UUEncoded data files.

This vulnerability presents itself when Acrobat Reader attempts to view a malicious UUEncoded file. Upon opening a file, Acrobat Reader automatically attempts to decode files that have been UUEncoded.

Successful exploitation could result in execution of arbitrary code in the context of the user opening the malicious file.

Adobe Acrobat for Unix platforms versions 5.05 and 5.06 have been reported vulnerable, version 5.0.9 is reported fixed. Other versions are likely vulnerable as well.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

It is reported that Acrobat Reader (UNIX) version 5.0.9 is not vulnerable to this issue. This has not been confirmed at the moment.

SuSE has released advisory (SUSE-SA:2004:028), in the addendum of this advisory it is announced that an acroread fix to address this and other vulnerabilities is available on the SuSE updates FTP server:
ftp://ftp.suse.com

Gentoo has released an advisory (GLSA 200408-14) to address multiple issues in Adobe Acrobat Reader. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge sync
emerge -pv ">=app-text/acroread-5.09"
emerge ">=app-text/acroread-5.09"

RedHat has released an advisory (RHSA-2004:432-08) to address Acrobat Reader issues in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.


S.u.S.E. Linux Personal 9.0 x86_64

S.u.S.E. Linux Personal 9.0

S.u.S.E. Linux Personal 9.1

- Related References

 

 
