Vulnerability Name:

CVE-2005-1841 (CCN-21252)

Assigned:2005-07-05
Published:2005-07-05
Updated:2008-09-05
Summary:The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-1841

Source: CCN
Type: RHSA-2005-575
Adobe Acrobat Reader security update

Source: CCN
Type: SA14457
Adobe Reader for Linux Insecure Temporary File Creation

Source: SECUNIA
Type: Vendor Advisory
14457

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2005-6/advisory/

Source: CCN
Type: Acrobat Reader Web site
Acrobat Reader

Source: CCN
Type: Adobe Support Knowledgebase Document 329121
Temporary file vulnerability due to Adobe Reader

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/techdocs/329121.html

Source: REDHAT
Type: UNKNOWN
RHSA-2005:575

Source: CCN
Type: BID-14165
Adobe Reader For Unix Local File Disclosure Vulnerability

Source: XF
Type: UNKNOWN
acrobat-reader-control-temp-files(21252)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    adobe acrobat reader 5.0.9
    adobe acrobat reader 5.0.10
    adobe acrobat reader 5.0.9
    adobe acrobat reader 5.0.10
    redhat rhel extras 3
    redhat rhel extras 4