Vulnerability Name:

CVE-2001-1069 (CCN-7024)

Assigned:2001-08-22
Published:2001-08-22
Updated:2017-10-10
Summary:libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: FreeBSD Security Notice FreeBSD-SN-02:05
security issues in ports

Source: CCN
Type: BugTraq Mailing List, Wed Aug 22 2001 - 07:55:46 CDT
Adobe Acrobat creates world writable ~/AdobeFnt.lst files

Source: CCN
Type: BugTraq Mailing List, Wed Aug 22 2001 - 12:35:07 CDT
Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files

Source: CCN
Type: BugTraq Mailing List, Wed Aug 22 2001 - 15:34:19 CDT
Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files

Source: CCN
Type: BugTraq Mailing List, Thu Aug 23 2001 - 15:07:01 CDT
Re: Adobe Acrobat creates world writable ~/AdobeFnt.lst files

Source: CCN
Type: BugTraq Mailing List, Mon Jun 24 2002 - 16:33:42 CDT
Acrobat reader 5.05 temp file insecurity

Source: CCN
Type: BugTraq Mailing List, Wed Jun 26 2002 - 19:04:42 CDT
Re: Acrobat reader 5.05 temp file insecurity

Source: MITRE
Type: CNA
CVE-2001-1069

Source: MISC
Type: Vendor Advisory
http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html

Source: BUGTRAQ
Type: UNKNOWN
20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files

Source: CCN
Type: OSVDB ID: 14818
Adobe Acrobat (acroread) libCoolType Library AdobeFnt.lst Permission Weakness

Source: BID
Type: Patch, Vendor Advisory
3225

Source: CCN
Type: BID-3225
Adobe AcroRead Insecure Default Font List Permissions Vulnerability

Source: XF
Type: UNKNOWN
adobe-acrobat-insecure-permissions(7024)

Source: XF
Type: UNKNOWN
adobe-acrobat-insecure-permissions(7024)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:ports_collection:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    adobe acrobat reader 4.0.5
    adobe acrobat reader 5.0.5
    freebsd ports collection *