CVE-2008-4815 - OpenCVE

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Acrobat Reader Acrobat
Unix	Unix

Configuration 1 [-]

AND

cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:adobe:acrobat::unknown:3d:::::
	cpe:2.3:a:adobe:acrobat::unknown:professional:::::
	cpe:2.3:a:adobe:acrobat::unknown:standard:::::
	cpe:2.3:a:adobe:acrobat:8.1.1:::::::*
	cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:::::*
	cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:::::*
	cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:::::*
	cpe:2.3:a:adobe:acrobat_reader::::::::

References

Link	Resource
http://download.oracle.com/sunalerts/1019937.1.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/32700
http://secunia.com/advisories/32872
http://www.adobe.com/support/security/bulletins/apsb08-19.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0974.html
http://www.securityfocus.com/bid/32100
http://www.securitytracker.com/id?1021140
http://www.us-cert.gov/cas/techalerts/TA08-309A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3001
http://www.vupen.com/english/advisories/2009/0098
https://bugzilla.redhat.com/show_bug.cgi?id=469882
https://exchange.xforce.ibmcloud.com/vulnerabilities/46335

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-05T14:51:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-10-31T00:00:00

Link: CVE-2008-4815

JSON object: View

NVD Information

Status : Modified

Published: 2008-11-05T15:00:14.557

Modified: 2018-10-30T16:25:42.873

Link: CVE-2008-4815

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32700", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32700"}, {"name": "32100", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32100"}, {"name": "adobe-acrobat-reader-priv-escalation(46335)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46335"}, {"name": "249366", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://download.oracle.com/sunalerts/1019937.1.html"}, {"name": "32872", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32872"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"}, {"name": "ADV-2009-0098", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0098"}, {"name": "TA08-309A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"}, {"name": "1021140", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021140"}, {"name": "ADV-2008-3001", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3001"}, {"name": "SUSE-SR:2008:026", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"name": "RHSA-2008:0974", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32700", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32700"}, {"name": "32100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32100"}, {"name": "adobe-acrobat-reader-priv-escalation(46335)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46335"}, {"name": "249366", "refsource": "SUNALERT", "url": "http://download.oracle.com/sunalerts/1019937.1.html"}, {"name": "32872", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32872"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=469882", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"}, {"name": "ADV-2009-0098", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0098"}, {"name": "TA08-309A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"}, {"name": "1021140", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021140"}, {"name": "ADV-2008-3001", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3001"}, {"name": "SUSE-SR:2008:026", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"name": "RHSA-2008:0974", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4815", "datePublished": "2008-11-05T14:51:00", "dateReserved": "2008-10-31T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:unknown:3d:*:*:*:*:*", "matchCriteriaId": "E3E09C95-5726-486C-86C6-F1E98D281DDD", "versionEndIncluding": "8.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:unknown:professional:*:*:*:*:*", "matchCriteriaId": "FF117631-0095-4139-AFAC-D2C9050674AD", "versionEndIncluding": "8.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:unknown:standard:*:*:*:*:*", "matchCriteriaId": "3AA6AB66-8399-41E9-9688-7EEC083AFEBB", "versionEndIncluding": "8.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8665E53-EC1E-4B95-9064-2565BC12113E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:*:*:*:*:*", "matchCriteriaId": "C05B37C5-3043-4398-B009-7FFD5AF9D9FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:*:*:*:*:*", "matchCriteriaId": "73AE4111-A2AD-41A6-9F74-6C5DCBAD7B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:*:*:*:*:*", "matchCriteriaId": "A72B429E-3C05-49A2-8097-72D968473B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "612599DD-94C9-4ECF-8986-C3BF355779B4", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que est\u00e1 asociado a una RPATH no segura."}], "id": "CVE-2008-4815", "lastModified": "2018-10-30T16:25:42.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-05T15:00:14.557", "references": [{"source": "cve@mitre.org", "url": "http://download.oracle.com/sunalerts/1019937.1.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32700"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32872"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32100"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021140"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3001"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0098"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46335"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}