[Sec-cert] [Other] Schwachstellen in Adobe Reader und Acrobat vor Version 9.3 - APSB10-02

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Mi Jan 13 16:57:10 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung. Wir geben diese Informationen
unveraendert an Sie weiter.

CVE-2009-4324 - Schwachstelle in Adobe Reader und Acrobat

  In Adobe Reader und Acrobat ist eine Schwachstelle in der
  Doc.media.newPlayer Methode des doc.media Objektes vorhanden. Der
  Aufruf dieser Methode in einer ungueltigen Weise fuehrt zum
  Ueberschreiben eines Pointers, was vermutlich durch das fruehzeitige
  Freigeben von noch verwendetem Speicherplatz verursacht wird. Ein
  entfernter Angreifer kann diese Schwachstelle zum Ausfuehren beliebiger
  Befehle mit den Rechten des Anwenders ausnutzen, wenn er diesen dazu
  bringt ein entsprechend aufgebautes PDF mit einem betroffenen Programm
  zu oeffnen. Dies ist auch moeglich, wenn ein Benutzer eine entsprechend
  aufgebaute Webseite oeffnet.
  
  Bitte beachten Sie, dass diese Schwachstelle schon aktiv ausgenutzt.
  Fuer den bis jetzt bekannten Exploit ist das Ausfuehren von JavaScript
  innerhalb von Adobe Reader erforderlich. Weiterhin ist ein Exploit
  bereits oeffentlich verfuegbar.
  

CVE-2009-3953 / CVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 /
CVE-2009-3957 / CVE-2009-3958 / CVE-2009-3959 - Verschiedene
Schwachstellen in den Adobe Reader und Acrobat

  In den Adobe Reader und Acrobat sind verschiedene Schwachstellen die
  unter anderen zu Null Pointer Dereferenzierung, Integer und Buffer
  Overflows, Skript Injection oder 'Memory Corruption' fuehren. Ein
  entfernter Angreifer kann diese Schwachstellen zum ausfuehren
  beliebiger Befehle mit den Rechten der Anwendung ausfuehren, wenn er
  einen Benutzer dazu bringt ein entsprechend aufgebautes PDF zu oeffnen.
  Dies ist auch ueber eine Webseite mit enthaltenen PDF ausnutzbar.

Betroffen sind die folgenden Software Pakete und Plattformen:

  Adobe Reader vor Version 9.3 
  Adobe Acrobat vor Version 9.3

  Alle Betriebssysteme, auf denen die verwundbaren Adobe Produkte laufen
  (Windows, Unix, Macintosh, Linux)

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
  http://www.adobe.com/support/security/bulletins/apsb10-02.html


(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
	Torsten Voss

- --
 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17. DFN Workshop    "Sicherheit in vernetzten Systemen"    09./10.02.2010
Informationen unter https://www.dfn-cert.de/veranstaltungen/workshop.html

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.0027
          Security updates available for Adobe Reader and Acrobat
                              13 January 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Reader 9.2 and earlier versions for Windows, 
                     Macintosh, and UNIX
                   Adobe Acrobat 9.2 and earlier versions for Windows and 
                     Macintosh
Publisher:         Adobe
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-4324 CVE-2009-3959 CVE-2009-3958
                   CVE-2009-3957 CVE-2009-3956 CVE-2009-3955
                   CVE-2009-3954 CVE-2009-3953 CVE-2009-2994

Original Bulletin: 
   http://www.adobe.com/support/security/bulletins/apsb10-02.html

Comment: Please note Adobe has said: "There are reports that this issue is 
         being actively exploited in the wild; the exploit targets Adobe 
         Reader and Acrobat 9.2 on Windows platforms."

- - --------------------------BEGIN INCLUDED TEXT--------------------

Security updates available for Adobe Reader and Acrobat

Release date: January 12, 2010

Vulnerability identifier: APSB10-02

CVE numbers: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, 
CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324

Platform: All

Summary

Critical vulnerabilities have been identified in Adobe Reader 9.2 and 
Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and 
Acrobat 8.1.7 for Windows and Macintosh. These vulnerabilities could cause 
the application to crash and could potentially allow an attacker to take 
control of the affected system.

Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier 
versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and 
Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions 
for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on 
Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has 
provided the Adobe Reader 8.2 update. Updates apply to all platforms: 
Windows, Macintosh and UNIX.

Affected software versions

Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh

Solution

Adobe Reader
Adobe Reader users on Windows, Macintosh and UNIX can find the appropriate 
update here:
  http://get.adobe.com/reader.

Acrobat
Acrobat Standard and Pro users on Windows can find the appropriate update 
here:
  http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can find the appropriate update here: 
  http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.

Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

Note: Support has ended for Adobe Reader 8.x on the UNIX platform, and Adobe 
      Reader 7.x and Acrobat 7.x on Windows, Macintosh and UNIX platforms.

Severity rating

Adobe categorizes this as a critical update and recommends that users apply 
the update for their product installations.

Details

Critical vulnerabilities have been identified in Adobe Reader 9.2 and 
Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and 
Acrobat 8.1.7 for Windows and Macintosh. These vulnerabilities could cause 
the application to crash and could potentially allow an attacker to take 
control of the affected system.

Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier 
versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and 
Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions 
for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on 
Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has 
provided the Adobe Reader 8.2 update. Updates apply to all platforms: 
Windows, Macintosh and UNIX.

This update resolves a use-after-free vulnerability in Multimedia.api that 
could lead to code execution (CVE-2009-4324).
Note: There are reports that this issue is being actively exploited in the 
wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms.

This update resolves an array boundary issue in U3D support that could lead 
to code execution (CVE-2009-3953).
Note: This issue had been incorrectly identified as a previously fixed 
vulnerability (CVE-2009-2994) in the Metasploit framework.

This update resolves a DLL-loading vulnerability in 3D that could allow 
arbitrary code execution (CVE-2009-3954).

This update resolves a memory corruption vulnerability that could lead to 
code execution (CVE-2009-3955).

This update mitigates a script injection vulnerability by changing the 
Enhanced Security default (CVE-2009-3956).

This update resolves a null-pointer dereference vulnerability that could 
lead to denial of service (CVE-2009-3957).

This update resolves a buffer overflow vulnerability in the Download Manager 
that could lead to code execution (CVE-2009-3958).

This update resolves an integer overflow vulnerability in U3D support that 
could lead to code execution (CVE-2009-3959).

Acknowledgements

Adobe would like to thank the following individuals and organizations for 
reporting the relevant issues and for working with Adobe to help protect our 
customers:

    * Parvez Anwar via Secunia (CVE-2009-3953)
    * Greg MacManus of iSIGHT Partners Labs (CVE-2009-3954)
    * Code Audit Labs through iDefense's Vulnerability Contributor Program (CVE-2009-3955)
    * stratsec (CVE-2009-3956)
    * Didier Stevens (CVE-2009-3957)
    * Will Dormann of CERT (CVE-2009-3958)
    * Nicolas Joly of VUPEN Vulnerability Research Team (CVE-2009-3959)

- - --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert at auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
- -----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLTWdTNVH5XJJInbgRAnYQAJoC0UQM4oV/KOMZEIsmUxoBxbAcqACfdrp0
tC9U6D6YkDgsu+X6gGSFyPw=
=4iFr
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLTe1WWmhIvjFb90URAjzfAKCHXyhIzAro7aWG+Jj6RASSHfN8ngCfYgDR
MwY8qtKBF8Qc5C2Bl17qBGQ=
=i0KP
-----END PGP SIGNATURE-----



Mehr Informationen über die Mailingliste Sec-cert