Adobe AcroRead不安全默认字体列表许可漏洞

漏洞信息详情

Adobe AcroRead不安全默认字体列表许可漏洞

• CNNVD编号：CNNVD-200108-185
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-1069
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-08-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  adobe
• 漏洞来源：
  This vulnerability…

基于Linux的用在Adobe Acrobat (acroread)的libCoolType库创建带全域可写许可的AdobeFnt.lst文件。本地用户修改文件和可能修改acroread的性能。

SGI has stated that IRIX 6.5 to 6.5.18 is vulnerable to this issue. Users are advised to upgrade to IRIX 6.5.19 or apply the workaround provided in the advisory.
FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.
This problem has is confirmed to be fixed in Acrobat Reader versions 5.06 and later. Users are advised to contact the vendor for details on upgrading to the most recent version.

来源: BID
名称: 3225
链接:http://www.securityfocus.com/bid/3225

来源: BUGTRAQ
名称: 20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2

来源: lists.debian.org
链接:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html

来源: XF
名称: adobe-acrobat-insecure-permissions(7024)
链接:http://xforce.iss.net/xforce/xfdb/7024