SecurityTracker.com
Category:   Application (Generic)  >   Adobe Acrobat/Reader
Vendors:   Adobe Systems Incorporated
Adobe Reader Incorrect Temporary File Permissions May Disclose PDF Files to Local Users
SecurityTracker Alert ID:  1014391
SecurityTracker URL:  http://securitytracker.com/id/1014391
CVE Reference:   CVE-2005-1841
Date:  Jul 5 2005
Impact:   Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0.9, 5.0.10
Description:   A temporary file vulnerability was reported in Adobe Reader, affecting Linux/UNIX systems. A local user may be able to view the target user's PDF documents.

In certain situations, the Adobe Reader control creates temporary files in the temporary directory. Depending on the target user's umask, these files may be created with permissions that are broader than intended. As a result, a local user may be able to read the temporary files and so gain read access to the target user's PDF files.

The temporary files are removed when the document is closed.

The vendor credits Secunia with reporting this vulnerability.
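
The umask dependence described above can be shown in a few lines of C. This is an added illustration, not Adobe's code and not part of the advisory: it assumes the weak pattern is an open() call that requests mode 0666, and the function name created_mode and the scratch paths under /tmp are constructed for the demonstration. It compares that pattern with mkstemp(), which requests owner-only permissions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declare mkstemp() and mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create one scratch file under the given umask and return its permission
 * bits, or -1 on error. hardened == 0: open() with mode 0666, so the umask
 * alone decides who can read the file. hardened != 0: mkstemp(), which
 * requests 0600. All names are constructed for this demonstration. */
int created_mode(int hardened, mode_t mask)
{
    char dir[] = "/tmp/umask-demo-XXXXXX";
    char path[64];
    struct stat st;
    int fd, bits = -1;

    if (mkdtemp(dir) == NULL)          /* private scratch dir, removed below */
        return -1;
    snprintf(path, sizeof path, "%s/%s", dir,
             hardened ? "doc-XXXXXX" : "doc-copy.tmp");

    mode_t old = umask(mask);          /* simulate the user's umask */
    fd = hardened ? mkstemp(path)
                  : open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);                        /* restore the caller's umask */

    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            bits = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return bits;
}

int main(void)
{
    const mode_t masks[] = { 022, 002, 077 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %03o: open(0666) -> %04o, mkstemp() -> %04o\n",
               (unsigned)masks[i], (unsigned)created_mode(0, masks[i]),
               (unsigned)created_mode(1, masks[i]));
    return 0;
}
```

With a umask of 022 or 002 the open() variant leaves the file readable by other local users, while the mkstemp() variant stays owner-only under each of the three masks.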

Impact:   A local user may be able to view the target user's PDF documents.
Solution:   The vendor has issued a fixed version (5.0.11, 7.0).

Users of Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris can download Adobe Reader 7.0, available at:

http://www.adobe.com/products/acrobat/readstep2.html

Users of Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX can download Adobe Reader 5.0.11, available at:

http://www.adobe.com/products/acrobat/readstep2.html

Vendor URL:  www.adobe.com/support/techdocs/329121.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 8 2005 (Red Hat Issues Fix) Adobe Reader Incorrect Temporary File Permissions May Disclose PDF Files to Local Users
Red Hat has released a fix for Red Hat Enterprise Linux Extras.


