OSVDB ID: 17615

Title: Adobe Reader for Linux Temp File Permission Weakness Arbitrary Document Disclosure

Info

Disclosure

Jun 29, 2005

Discovery

May 11, 2005

Dates

Exploit

Jun 29, 2005

Solution

Jun 29, 2005

Description

Adobe Reader for Linux contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when opening documents as temporary copies are created insecurely, which will disclose document contents to a local attacker.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 7.0 for Linux or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Adobe Reader for Linux

5.0.10

References

Security Tracker: 1014391
Secunia Advisory ID: 14457 16015
CVE ID: 2005-1841 (see also: NVD)
Other Advisory URL: http://secunia.com/secunia_research/2005-6/advisory/
RedHat RHSA: RHSA-2005:575

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/17615