cvelistv5 - CVE-2008-0883

CVE-2008-0883

Vulnerability from cvelistv5

Published

2008-03-06 00:00

Modified

2024-08-07 08:01

Severity ?

Summary

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
cve@mitre.org	http://secunia.com/advisories/29229	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29242
cve@mitre.org	http://secunia.com/advisories/29425
cve@mitre.org	http://secunia.com/advisories/31136
cve@mitre.org	http://secunia.com/advisories/31352
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
cve@mitre.org	http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html	Patch
cve@mitre.org	http://www.adobe.com/support/security/advisories/apsa08-02.html
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0641.html
cve@mitre.org	http://www.securityfocus.com/bid/28091
cve@mitre.org	http://www.securitytracker.com/id?1019539
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0765/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2289
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40987
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29242
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29425
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31136
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31352
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
af854a3a-2127-422b-91ae-364da2661108	http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa08-02.html
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0641.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28091
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019539
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0765/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2289
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40987

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:01:40.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-2289",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2289"
          },
          {
            "name": "28091",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28091"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "GLSA-200803-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "29425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29425"
          },
          {
            "name": "31352",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31352"
          },
          {
            "name": "29229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29229"
          },
          {
            "name": "240106",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
          },
          {
            "name": "adobe-reader-acroread-symlink(40987)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
          },
          {
            "name": "RHSA-2008:0641",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
          },
          {
            "name": "1019539",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
          },
          {
            "name": "31136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31136"
          },
          {
            "name": "ADV-2008-0765",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0765/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-2289",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2289"
        },
        {
          "name": "28091",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28091"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "GLSA-200803-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "29425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29425"
        },
        {
          "name": "31352",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31352"
        },
        {
          "name": "29229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29229"
        },
        {
          "name": "240106",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
        },
        {
          "name": "adobe-reader-acroread-symlink(40987)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
        },
        {
          "name": "RHSA-2008:0641",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
        },
        {
          "name": "1019539",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
        },
        {
          "name": "31136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31136"
        },
        {
          "name": "ADV-2008-0765",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0765/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0883",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-2289",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2289"
            },
            {
              "name": "28091",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28091"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "GLSA-200803-26",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "29425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29425"
            },
            {
              "name": "31352",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31352"
            },
            {
              "name": "29229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29229"
            },
            {
              "name": "240106",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa08-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
            },
            {
              "name": "adobe-reader-acroread-symlink(40987)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
            },
            {
              "name": "RHSA-2008:0641",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
            },
            {
              "name": "1019539",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019539"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
            },
            {
              "name": "31136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31136"
            },
            {
              "name": "ADV-2008-0765",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0765/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0883",
    "datePublished": "2008-03-06T00:00:00",
    "dateReserved": "2008-02-21T00:00:00",
    "dateUpdated": "2024-08-07T08:01:40.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:open_suse:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34074FA4-A9C8-430D-98EB-A0A880E2DF67\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:open_suse:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A876EFC5-50DC-4A6A-A9F2-24D8AC773E7D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:open_suse:10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D71E02A6-5F83-46EC-88C1-687E6EB88F5F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*\", \"matchCriteriaId\": \"DC55429E-B607-402D-A491-0EFE7D522F2A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*\", \"matchCriteriaId\": \"C69ED2AB-9E0D-43B3-90F3-E2E10A5B1773\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_desktop:*:*:*:*:*\", \"matchCriteriaId\": \"C4F119BA-1FCA-41DF-B834-62F14CA8816E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.0:*:ppc:*:*:*:*:*\", \"matchCriteriaId\": \"96F0EAC3-9AC5-4575-80BB-00485619AE51\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.0:*:x86:*:*:*:*:*\", \"matchCriteriaId\": \"CF733F56-9793-4C72-AB61-3A4AA9C468C7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.0:*:x86_64:*:*:*:*:*\", \"matchCriteriaId\": \"3FBC151E-D478-43FA-B5BD-1D8B25C703E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.1:*:ppc:*:*:*:*:*\", \"matchCriteriaId\": \"84B05DB5-3BF9-4576-970B-A1701FC369AB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.1:*:x86:*:*:*:*:*\", \"matchCriteriaId\": \"F15CDDE2-BA9E-4B8D-8B01-21494360290E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.1:*:x86_64:*:*:*:*:*\", \"matchCriteriaId\": \"5B367EE1-EB53-4DC6-B154-FFA99060DA47\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:suse:suse_linux_desktop:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CD7A1DA-1ABA-45B1-A067-3953C761177E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5BEA847-A71E-4336-AB67-B3C38847C1C3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.\"}, {\"lang\": \"es\", \"value\": \"acroread en Adobe Acrobat Reader 8.1.2 permite a usuarios locales sobrescribir ficheros de su elecci\\u00f3n mediante un ataque de enlaces simb\\u00f3licos en ficheros temporales relativos al manejo de certificados SSL.\"}]",
      "id": "CVE-2008-0883",
      "lastModified": "2024-11-21T00:43:08.830",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 3.7, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 1.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-03-06T00:44:00.000",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29229\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29242\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29425\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31136\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31352\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa08-02.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0641.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28091\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019539\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0765/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2289\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40987\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29242\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29425\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa08-02.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0641.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0765/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40987\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug: \\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0883\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.\", \"lastModified\": \"2008-03-06T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0883\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-06T00:44:00.000\",\"lastModified\":\"2024-11-21T00:43:08.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.\"},{\"lang\":\"es\",\"value\":\"acroread en Adobe Acrobat Reader 8.1.2 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en ficheros temporales relativos al manejo de certificados SSL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":3.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:open_suse:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34074FA4-A9C8-430D-98EB-A0A880E2DF67\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:open_suse:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A876EFC5-50DC-4A6A-A9F2-24D8AC773E7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:open_suse:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D71E02A6-5F83-46EC-88C1-687E6EB88F5F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*\",\"matchCriteriaId\":\"DC55429E-B607-402D-A491-0EFE7D522F2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*\",\"matchCriteriaId\":\"C69ED2AB-9E0D-43B3-90F3-E2E10A5B1773\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_desktop:*:*:*:*:*\",\"matchCriteriaId\":\"C4F119BA-1FCA-41DF-B834-62F14CA8816E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.0:*:ppc:*:*:*:*:*\",\"matchCriteriaId\":\"96F0EAC3-9AC5-4575-80BB-00485619AE51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.0:*:x86:*:*:*:*:*\",\"matchCriteriaId\":\"CF733F56-9793-4C72-AB61-3A4AA9C468C7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.0:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"3FBC151E-D478-43FA-B5BD-1D8B25C703E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.1:*:ppc:*:*:*:*:*\",\"matchCriteriaId\":\"84B05DB5-3BF9-4576-970B-A1701FC369AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.1:*:x86:*:*:*:*:*\",\"matchCriteriaId\":\"F15CDDE2-BA9E-4B8D-8B01-21494360290E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.1:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"5B367EE1-EB53-4DC6-B154-FFA99060DA47\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:suse_linux_desktop:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD7A1DA-1ABA-45B1-A067-3953C761177E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BEA847-A71E-4336-AB67-B3C38847C1C3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29229\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29242\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29425\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31136\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31352\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa08-02.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0641.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28091\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019539\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0765/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2289\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40987\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29242\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29425\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa08-02.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0641.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0765/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug: \\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0883\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.\",\"lastModified\":\"2008-03-06T00:00:00\"}]}}"
  }
}

RHSA-2008:0641

Vulnerability from csaf_redhat

Published

2008-07-21 13:44

Modified

2024-11-14 10:06

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

Adobe Acrobat Reader allows users to view and print documents in Portable Document Format (PDF). An input validation flaw was discovered in a JavaScript engine used by Acrobat Reader. A malicious PDF file could cause Acrobat Reader to crash or, potentially, execute arbitrary code as the user running Acrobat Reader. (CVE-2008-2641) An insecure temporary file usage issue was discovered in the Acrobat Reader "acroread" startup script. A local attacker could potentially overwrite arbitrary files that were writable by the user running Acrobat Reader, if the victim ran "acroread" with certain command line arguments. (CVE-2008-0883) All acroread users are advised to upgrade to these updated packages, that contain Acrobat Reader version 8.1.2 Security Update 1, and are not vulnerable to these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Acrobat Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to crash\nor, potentially, execute arbitrary code as the user running Acrobat Reader.\n(CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat Reader\n\"acroread\" startup script. A local attacker could potentially overwrite\narbitrary files that were writable by the user running Acrobat Reader, if\nthe victim ran \"acroread\" with certain command line arguments.\n(CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Acrobat Reader version 8.1.2 Security Update 1, and are not\nvulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0641",
        "url": "https://access.redhat.com/errata/RHSA-2008:0641"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "436263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
      },
      {
        "category": "external",
        "summary": "452632",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0641.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:26+00:00",
      "generator": {
        "date": "2024-11-14T10:06:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0641",
      "initial_release_date": "2008-07-21T13:44:00+00:00",
      "revision_history": [
        {
          "date": "2008-07-21T13:44:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-07-21T09:44:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.el4.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.el5.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0883",
      "discovery_date": "2008-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: insecure handling of temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0883"
        },
        {
          "category": "external",
          "summary": "RHBZ#436263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883"
        }
      ],
      "release_date": "2008-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-07-21T13:44:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0641"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "acroread: insecure handling of temporary files"
    },
    {
      "cve": "CVE-2008-2641",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "452632"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: input validation issue in a JavaScript method",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2641"
        },
        {
          "category": "external",
          "summary": "RHBZ#452632",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2641"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641"
        }
      ],
      "release_date": "2008-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-07-21T13:44:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0641"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: input validation issue in a JavaScript method"
    }
  ]
}

rhsa-2008:0641

Vulnerability from csaf_redhat

Published

2008-07-21 13:44

Modified

2024-11-14 10:06

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Acrobat Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to crash\nor, potentially, execute arbitrary code as the user running Acrobat Reader.\n(CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat Reader\n\"acroread\" startup script. A local attacker could potentially overwrite\narbitrary files that were writable by the user running Acrobat Reader, if\nthe victim ran \"acroread\" with certain command line arguments.\n(CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Acrobat Reader version 8.1.2 Security Update 1, and are not\nvulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0641",
        "url": "https://access.redhat.com/errata/RHSA-2008:0641"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "436263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
      },
      {
        "category": "external",
        "summary": "452632",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0641.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:26+00:00",
      "generator": {
        "date": "2024-11-14T10:06:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0641",
      "initial_release_date": "2008-07-21T13:44:00+00:00",
      "revision_history": [
        {
          "date": "2008-07-21T13:44:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-07-21T09:44:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.el4.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.el5.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0883",
      "discovery_date": "2008-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: insecure handling of temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0883"
        },
        {
          "category": "external",
          "summary": "RHBZ#436263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883"
        }
      ],
      "release_date": "2008-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-07-21T13:44:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0641"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "acroread: insecure handling of temporary files"
    },
    {
      "cve": "CVE-2008-2641",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "452632"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: input validation issue in a JavaScript method",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2641"
        },
        {
          "category": "external",
          "summary": "RHBZ#452632",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2641"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641"
        }
      ],
      "release_date": "2008-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-07-21T13:44:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0641"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: input validation issue in a JavaScript method"
    }
  ]
}

rhsa-2008_0641

Vulnerability from csaf_redhat

Published

2008-07-21 13:44

Modified

2024-11-14 10:06

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Acrobat Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to crash\nor, potentially, execute arbitrary code as the user running Acrobat Reader.\n(CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat Reader\n\"acroread\" startup script. A local attacker could potentially overwrite\narbitrary files that were writable by the user running Acrobat Reader, if\nthe victim ran \"acroread\" with certain command line arguments.\n(CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Acrobat Reader version 8.1.2 Security Update 1, and are not\nvulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0641",
        "url": "https://access.redhat.com/errata/RHSA-2008:0641"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "436263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
      },
      {
        "category": "external",
        "summary": "452632",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0641.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:26+00:00",
      "generator": {
        "date": "2024-11-14T10:06:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0641",
      "initial_release_date": "2008-07-21T13:44:00+00:00",
      "revision_history": [
        {
          "date": "2008-07-21T13:44:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-07-21T09:44:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.el4.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.el5.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.2.SU1-2.i386",
                "product": {
                  "name": "acroread-0:8.1.2.SU1-2.i386",
                  "product_id": "acroread-0:8.1.2.SU1-2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.2.SU1-2.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.2.SU1-2.i386",
                  "product_id": "acroread-plugin-0:8.1.2.SU1-2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0883",
      "discovery_date": "2008-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: insecure handling of temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0883"
        },
        {
          "category": "external",
          "summary": "RHBZ#436263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883"
        }
      ],
      "release_date": "2008-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-07-21T13:44:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0641"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "acroread: insecure handling of temporary files"
    },
    {
      "cve": "CVE-2008-2641",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "452632"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: input validation issue in a JavaScript method",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
          "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
          "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2641"
        },
        {
          "category": "external",
          "summary": "RHBZ#452632",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2641"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641"
        }
      ],
      "release_date": "2008-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-07-21T13:44:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
            "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
            "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0641"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: input validation issue in a JavaScript method"
    }
  ]
}

gsd-2008-0883

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

Aliases

CVE-2008-0883

Aliases

CVE-2008-0883

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0883",
    "description": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
    "id": "GSD-2008-0883",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-0883.html",
      "https://access.redhat.com/errata/RHSA-2008:0641"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0883"
      ],
      "details": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
      "id": "GSD-2008-0883",
      "modified": "2023-12-13T01:22:59.183354Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0883",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-2289",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2289"
          },
          {
            "name": "28091",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28091"
          },
          {
            "name": "29242",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "GLSA-200803-26",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
          },
          {
            "name": "SUSE-SR:2008:005",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "29425",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29425"
          },
          {
            "name": "31352",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31352"
          },
          {
            "name": "29229",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29229"
          },
          {
            "name": "240106",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa08-02.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
          },
          {
            "name": "adobe-reader-acroread-symlink(40987)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
          },
          {
            "name": "RHSA-2008:0641",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
          },
          {
            "name": "1019539",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019539"
          },
          {
            "name": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html",
            "refsource": "CONFIRM",
            "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
          },
          {
            "name": "31136",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31136"
          },
          {
            "name": "ADV-2008-0765",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0765/references"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.1:*:ppc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.1:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.0:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.0:*:x86_64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:open_suse:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:open_suse:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.1:*:x86_64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:open_suse:10.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.0:*:ppc:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_desktop:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux_desktop:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0883"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
            },
            {
              "name": "28091",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28091"
            },
            {
              "name": "29229",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29229"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa08-02.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
            },
            {
              "name": "GLSA-200803-26",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
            },
            {
              "name": "29425",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29425"
            },
            {
              "name": "1019539",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019539"
            },
            {
              "name": "31136",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31136"
            },
            {
              "name": "31352",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31352"
            },
            {
              "name": "RHSA-2008:0641",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
            },
            {
              "name": "240106",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
            },
            {
              "name": "ADV-2008-0765",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0765/references"
            },
            {
              "name": "ADV-2008-2289",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2289"
            },
            {
              "name": "adobe-reader-acroread-symlink(40987)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-03-06T00:44Z"
    }
  }
}

CVE-2008-0883

Vulnerability from fkie_nvd

Published

2008-03-06 00:44

Modified

2024-11-21 00:43

Severity ?

Summary

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
cve@mitre.org	http://secunia.com/advisories/29229	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29242
cve@mitre.org	http://secunia.com/advisories/29425
cve@mitre.org	http://secunia.com/advisories/31136
cve@mitre.org	http://secunia.com/advisories/31352
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
cve@mitre.org	http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html	Patch
cve@mitre.org	http://www.adobe.com/support/security/advisories/apsa08-02.html
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0641.html
cve@mitre.org	http://www.securityfocus.com/bid/28091
cve@mitre.org	http://www.securitytracker.com/id?1019539
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0765/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2289
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40987
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29242
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29425
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31136
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31352
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
af854a3a-2127-422b-91ae-364da2661108	http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa08-02.html
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0641.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28091
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019539
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0765/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2289
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40987

Impacted products

Vendor	Product	Version
suse	open_suse	10.1
suse	open_suse	10.2
suse	open_suse	10.3
suse	suse_linux	10
suse	suse_linux	10
suse	suse_linux	10
suse	suse_linux	10.0
suse	suse_linux	10.0
suse	suse_linux	10.0
suse	suse_linux	10.1
suse	suse_linux	10.1
suse	suse_linux	10.1
suse	suse_linux_desktop	10
adobe	acrobat_reader	8.1.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:open_suse:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "34074FA4-A9C8-430D-98EB-A0A880E2DF67",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:open_suse:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A876EFC5-50DC-4A6A-A9F2-24D8AC773E7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:open_suse:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D71E02A6-5F83-46EC-88C1-687E6EB88F5F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*",
              "matchCriteriaId": "DC55429E-B607-402D-A491-0EFE7D522F2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "C69ED2AB-9E0D-43B3-90F3-E2E10A5B1773",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_desktop:*:*:*:*:*",
              "matchCriteriaId": "C4F119BA-1FCA-41DF-B834-62F14CA8816E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "96F0EAC3-9AC5-4575-80BB-00485619AE51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "CF733F56-9793-4C72-AB61-3A4AA9C468C7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "3FBC151E-D478-43FA-B5BD-1D8B25C703E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "84B05DB5-3BF9-4576-970B-A1701FC369AB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "F15CDDE2-BA9E-4B8D-8B01-21494360290E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "5B367EE1-EB53-4DC6-B154-FFA99060DA47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_desktop:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD7A1DA-1ABA-45B1-A067-3953C761177E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BEA847-A71E-4336-AB67-B3C38847C1C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling."
    },
    {
      "lang": "es",
      "value": "acroread en Adobe Acrobat Reader 8.1.2 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en ficheros temporales relativos al manejo de certificados SSL."
    }
  ],
  "id": "CVE-2008-0883",
  "lastModified": "2024-11-21T00:43:08.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-06T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29425"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31136"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31352"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28091"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0765/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2289"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0765/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: \nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0883\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2008-03-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-whm3-pjww-fw7w

Vulnerability from github

Published

2022-05-01 23:33

Modified

2022-05-01 23:33

Details

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-06T00:44:00Z",
    "severity": "LOW"
  },
  "details": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
  "id": "GHSA-whm3-pjww-fw7w",
  "modified": "2022-05-01T23:33:56Z",
  "published": "2022-05-01T23:33:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40987"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29229"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29425"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31136"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31352"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
    },
    {
      "type": "WEB",
      "url": "http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa08-02.html"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-26.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28091"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019539"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0765/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2289"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0883

Vulnerability from cvelistv5

RHSA-2008:0641

Vulnerability from csaf_redhat

rhsa-2008:0641

Vulnerability from csaf_redhat

rhsa-2008_0641

Vulnerability from csaf_redhat

gsd-2008-0883

Vulnerability from gsd

CVE-2008-0883

Vulnerability from fkie_nvd

ghsa-whm3-pjww-fw7w

Vulnerability from github

Tags

Sightings

Nomenclature