Accessibility

Support Knowledgebase

Security Advisory: Adobe Document Server for Reader Extensions authentication vulnerability

Advisory Name: Adobe Document Server for Reader Extensions authentication vulnerability

Release Date: April 11, 2006

Vulnerability Identifiers: CVE-2006-1627, CVE-2006-1785, CVE-2006-1786, CVE-2006-1787, CVE-2006-1788

Products: Adobe Document Server for Reader Extensions 6.0

Platform: Windows, Solaris

Overview: Adobe has been made aware of potential vulnerabilities related to user authentication management within Adobe Document Server for Reader Extensions 6.0. These potential vulnerabilities could enable disclosure of Adobe Document Server for Reader Extensions authentication credentials during use of the product.

Effect: If exploited, this vulnerability would allow an attacker to inappropriately access the server and/or exercise server functionality.

Details: Adobe has been made aware of a number of issues related to authentication and credential management within Adobe Document Server for Reader Extensions 6.0. These potential vulnerabilities could enable disclosure of Adobe Document Server for Reader Extensions authentication credentials during use of the product. While Adobe Document Server for Reader Extensions 6.0 has been offered as part of Adobe Graphics Server and Adobe Document Server. Adobe has shipped two subsequent versions (Adobe Document Server for Reader Extensions 6.1 and LiveCycle Reader Extensions 7.0), both of which use different mechanisms for authentication and credential management.

Severity: Adobe categorizes this issue as an important issue and recommends that affected users upgrade to a more recent version of the Adobe Document Server for Reader Extensions.

Recommendation: Adobe recommends upgrading to the current version of Adobe Document Server for Reader Extensions. In addition to correcting this vulnerability, the recent versions also provide security enhancements such as support for encrypted data transfer.

Acknowledgement: Adobe would like to thank Secunia for reporting this issue and for working with us to help protect the security of our customers.

Revisions: April 11, 2006 - Bulletin first created

Reporting Security Issues

Adobe is committed to addressing security issues and providing customers with information on how they can protect themselves. If you identify what you believe may be a security issue with an Adobe product, please send an email to PSIRT@adobe.com . We will work to appropriately address and communicate the issue.

Receiving Security Bulletins

When Adobe becomes aware of a security issue that we believe significantly affects our products or customers, we will notify customers when appropriate. Typically this notification will be in the form of a security bulletin explaining the issue and the response. Adobe customers who would like to receive notification of new security bulletins when they are released can sign up for our security notification service.

For additional information on security issues at Adobe, please visit the Adobe website at www.adobe.com/support/security/ .

Adobe Disclaimer

DISCLAIMER OF WARRANTIES: ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS OR FIXES PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.

LIMIT OF LIABILITY: IN NO EVENT SHALL ADOBE, INC., OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.

Adobe reserves the right, from time to time, to update the information in this document with current information.


Related Documents

Document 322699
Last edited - 12/04/2006

 

Got Some Time to Take a Survey?

Tell us what you think about this support site.