Bug 436263 - (CVE-2008-0883) CVE-2008-0883 acroread: insecure handling of temporary files
CVE-2008-0883 acroread: insecure handling of temporary files
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=osssecurity,reported=20080221,...
: Security
Depends On: 455834 455835 455837
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-06 03:47 EST by Tomas Hoger
Modified: 2016-03-01 04:27 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-25 03:52:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-03-06 03:47:48 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0883 to the following vulnerability:

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite
arbitrary files via a symlink attack on temporary files related to SSL
certificate handling.

Detailed descriptions with suggested solution:
http://marc.info/?l=oss-security&m=120389711215086&w=2

References:
http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html
http://www.securityfocus.com/bid/28091
http://www.frsirt.com/english/advisories/2008/0765
http://secunia.com/advisories/29229
Comment 1 Tomas Hoger 2008-03-06 04:01:06 EST
This problem only affects uncommonly used options of acroread startup script.

This issue was rated as having low security impact and may be addressed in
future Adobe Acrobat Reader reader as shipped in Red Hat Enterprise Linux Extras
/ Supplementary.
Comment 3 Tomas Hoger 2008-07-18 03:16:08 EDT
Upstream advisory for this issues:
  http://www.adobe.com/support/security/advisories/apsa08-02.html

Fixed in upstream version 8.1.2_SU1 (Security Update 1):
  http://www.adobe.com/support/security/bulletins/apsb08-15.html
Comment 4 Red Hat Product Security 2008-07-25 03:52:08 EDT
This issue was addressed in:

Red Hat Enterprise Linux Extras:
  http://rhn.redhat.com/errata/RHSA-2008-0641.html


Note You need to log in before you can comment on or make changes to this bug.