What Are You Looking For?

Sign Up

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-12
- - - ---------------------------------------------------------------------

          PACKAGE : acroread
          SUMMARY : arbitrary code execution
             DATE : 2003-06-25 21:54 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =acroread-5.07
              CVE : CAN-2003-0434

- - - ---------------------------------------------------------------------

from advisory: 
"Valid PDF files can contain malicious external-type hyperlinks that can 
execute arbitrary shell commands underneath Unix with various PDF 
viewers/readers.

The hyperlinks must be activated or followed for the malicious script 
to run.  The obvious case is for a user to click on one. "

Read the full advisory at 
https://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/acroread upgrade to acroread-5.07 as follows

emerge sync
emerge acroread
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - - ---------------------------------------------------------------------

Gentoo: acroread arbitrary code execution vulnerability

Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-12


from advisory: 
"Valid PDF files can contain malicious external-type hyperlinks that can 
execute arbitrary shell commands underneath Unix with various PDF 
viewers/readers.

The hyperlinks must be activated or followed for the malicious script 
to run.  The obvious case is for a user to click on one. "

Read the full advisory at 
https://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/acroread upgrade to acroread-5.07 as follows

emerge sync
emerge acroread
emerge clean

aliz@gentoo.org - GnuPG key is available at

Resolution

References

Availability

Concerns

Severity
PACKAGE : acroread
SUMMARY : arbitrary code execution
DATE : 2003-06-25 21:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =acroread-5.07
CVE : CAN-2003-0434

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Ubuntu Linux 23.10 Is Adding an Important New Security Feature

Oct 11, 2023

Hackers Using BlueShell Malware to Attack Windows, Linux, and Mac Systems

Sep 8, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug
Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

Footer Logo