Title: Adobe Acrobat Reader Insecure Temporary File Creation Vulnerability
Severity: MODERATE
Description:
Acroread is a freely available PDF document reading utility distributed by Adobe. It is available for Unix and Linux variant operating environments.
A vulnerability has been reported in Adobe Acroread 4.05 that may allow symbolic link attacks. Acroread creates temporary files with predictable filenames and does not check whether a file or symbolic link with that name already exists. As a result, creating the temporary file may corrupt an existing file in the temporary directory.
The problem is compounded by the fact that Acroread does not check whether the file is a symbolic link. If the temporary file is a symbolic link, the file at the end of the symbolic link is overwritten. This could result in corruption or loss of data.
This problem makes it possible to exploit a symbolic link attack, and potentially overwrite files. It could additionally lead to elevated privileges.
This vulnerability has been reported for Acroread 4.05 on Linux. It is not known whether other versions of Acroread are vulnerable.
Affected Products:
- Adobe Acrobat Reader (UNIX) 4.0.05
References:
- Adobe: Adobe Homepage