CVE-2008-0883

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Open_suse	Suse	10.1 (including)	10.1 (including)
Open_suse	Suse	10.2 (including)	10.2 (including)
Open_suse	Suse	10.3 (including)	10.3 (including)
Suse_linux	Suse	10 (including)	10 (including)
Suse_linux	Suse	10-sp1 (including)	10-sp1 (including)
Suse_linux	Suse	10.0 (including)	10.0 (including)
Suse_linux	Suse	10.1 (including)	10.1 (including)
Suse_linux_desktop	Suse	10 (including)	10 (including)
Extras for RHEL 3	RedHat	acroread-0:8.1.2.SU1-2	*
Extras for RHEL 4	RedHat	acroread-0:8.1.2.SU1-2.el4	*
Supplementary for Red Hat Enterprise Linux 5	RedHat	acroread-0:8.1.2.SU1-2.el5	*
Acroread	Ubuntu	dapper	*
Acroread	Ubuntu	edgy	*
Acroread	Ubuntu	upstream	*

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0883
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

References

CVE-2008-0883

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References