ID CVE-2007-6246 Type cve Reporter NVD Modified 2017-09-28T21:29:52
Description
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
{"gentoo": [{"lastseen": "2016-09-06T19:46:31", "bulletinFamily": "unix", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\n * Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30, CVE-2007-4768).\n * Aaron Portnoy reported an unspecified vulnerability related to input validation (CVE-2007-6242).\n * Jesse Michael and Thomas Biege reported that Flash does not correctly set memory permissions (CVE-2007-6246).\n * Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n * David Neu reported an error withing the implementation of the Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n * Toshiharu Sugiyama reported that Flash does not sufficiently restrict the interpretation and usage of cross-domain policy files, allowing for easier cross-site scripting attacks (CVE-2007-6243).\n * Rich Cannings reported a cross-site scripting vulnerability in the way the \"asfunction:\" protocol was handled (CVE-2007-6244).\n * Toshiharu Sugiyama discovered that Flash allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks (CVE-2007-6245).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to establish TCP sessions with arbitrary hosts, bypass the Security Sandbox Model, obtain sensitive information, port scan arbitrary hosts, or conduct cross-site-scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-9.0.115.0\"\n\nPlease be advised that unaffected packages of the Adobe Flash Player have known problems when used from within the Konqueror and Opera browsers.", "modified": "2009-05-28T00:00:00", "published": "2008-01-20T00:00:00", "id": "GLSA-200801-07", "href": "https://security.gentoo.org/glsa/200801-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-12T11:20:30", "bulletinFamily": "scanner", "description": "Check for the Version of flash-player", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850071", "id": "OPENVAS:850071", "title": "SuSE Update for flash-player SUSE-SA:2007:069", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_069.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for flash-player SUSE-SA:2007:069\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1\";\ntag_insight = \"A flash player update to version 9.0.115.0 fixes several security\n problems. In the worst case an attacker could potentially have flash-player\n execute arbitrary code via specially crafted flash content.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850071);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2007-069\");\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_name( \"SuSE Update for flash-player SUSE-SA:2007:069\");\n\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.48.0~4.4\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.48.0~4.4\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:15", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-07.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60219", "id": "OPENVAS:60219", "title": "Gentoo Security Advisory GLSA 200801-07 (netscape-flash)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified, the worst of which allow\narbitrary code execution on a user's system via a malicious Flash file.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/netscape-flash-9.0.115.0'\n\nPlease be advised that unaffected packages of the Adobe Flash Player have\nknown problems when used from within the Konqueror and Opera browsers.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200801-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=193519\nhttp://www.gentoo.org/security/en/glsa/glsa-200711-30.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200801-07.\";\n\n \n\nif(description)\n{\n script_id(60219);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200801-07 (netscape-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/netscape-flash\", unaffected: make_list(\"ge 9.0.115.0\"), vulnerable: make_list(\"lt 9.0.115.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60088", "id": "OPENVAS:60088", "title": "FreeBSD Ports: linux-flashplugin", "type": "openvas", "sourceData": "#\n#VID 562cf6c4-b9f1-11dc-a302-000102cc8983\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-flashplugin\n\nFor details, please visit the referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb07-20.html\nhttp://secunia.com/advisories/28161/\nhttp://www.vuxml.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60088);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-6242\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-4324\", \"CVE-2007-6246\", \"CVE-2007-5476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r115\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.0r73\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:00", "bulletinFamily": "scanner", "description": "Adobe Security bulletin :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\nthat could allow an attacker who successfully exploits these potential\nvulnerabilities to take control of the affected system. A malicious\nSWF must be loaded in Flash Player by the user for an attacker to\nexploit these potential vulnerabilities. Users are recommended to\nupdate to the most current version of Flash Player available for their\nplatform.", "modified": "2018-11-21T00:00:00", "published": "2008-01-04T00:00:00", "id": "FREEBSD_PKG_562CF6C4B9F111DCA302000102CC8983.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29849", "title": "FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29849);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-5476\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_xref(name:\"Secunia\", value:\"28161\");\n\n script_name(english:\"FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Security bulletin :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\nthat could allow an attacker who successfully exploits these potential\nvulnerabilities to take control of the affected system. A malicious\nSWF must be loaded in Flash Player by the user for an attacker to\nexploit these potential vulnerabilities. Users are recommended to\nupdate to the most current version of Flash Player available for their\nplatform.\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb07-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb07-20.html\"\n );\n # https://vuxml.freebsd.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b6659b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplugin>=9.0<9.0r115\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplugin>=7.0<7.0r73\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:02", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200801-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Flash contains a copy of PCRE which is vulnerable to a heap-based\n buffer overflow (GLSA 200711-30, CVE-2007-4768).\n Aaron Portnoy reported an unspecified vulnerability related to\n input validation (CVE-2007-6242).\n Jesse Michael and Thomas Biege reported that Flash does not\n correctly set memory permissions (CVE-2007-6246).\n Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong\n Shao reported that Flash does not pin DNS hostnames to a single IP\n addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n David Neu reported an error withing the implementation of the\n Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n Toshiharu Sugiyama reported that Flash does not sufficiently\n restrict the interpretation and usage of cross-domain policy files,\n allowing for easier cross-site scripting attacks (CVE-2007-6243).\n Rich Cannings reported a cross-site scripting vulnerability in the\n way the 'asfunction:' protocol was handled (CVE-2007-6244).\n Toshiharu Sugiyama discovered that Flash allows remote attackers to\n modify HTTP headers for client requests and conduct HTTP Request\n Splitting attacks (CVE-2007-6245).\nImpact :\n\n A remote attacker could entice a user to open a specially crafted file\n (usually in a web browser), possibly leading to the execution of\n arbitrary code with the privileges of the user running the Adobe Flash\n Player. The attacker could also cause a user's machine to establish TCP\n sessions with arbitrary hosts, bypass the Security Sandbox Model,\n obtain sensitive information, port scan arbitrary hosts, or conduct\n cross-site-scripting attacks.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-11-14T00:00:00", "published": "2008-01-21T00:00:00", "id": "GENTOO_GLSA-200801-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=30031", "title": "GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200801-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(30031);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_xref(name:\"GLSA\", value:\"200801-07\");\n\n script_name(english:\"GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200801-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Flash contains a copy of PCRE which is vulnerable to a heap-based\n buffer overflow (GLSA 200711-30, CVE-2007-4768).\n Aaron Portnoy reported an unspecified vulnerability related to\n input validation (CVE-2007-6242).\n Jesse Michael and Thomas Biege reported that Flash does not\n correctly set memory permissions (CVE-2007-6246).\n Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong\n Shao reported that Flash does not pin DNS hostnames to a single IP\n addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n David Neu reported an error withing the implementation of the\n Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n Toshiharu Sugiyama reported that Flash does not sufficiently\n restrict the interpretation and usage of cross-domain policy files,\n allowing for easier cross-site scripting attacks (CVE-2007-6243).\n Rich Cannings reported a cross-site scripting vulnerability in the\n way the 'asfunction:' protocol was handled (CVE-2007-6244).\n Toshiharu Sugiyama discovered that Flash allows remote attackers to\n modify HTTP headers for client requests and conduct HTTP Request\n Splitting attacks (CVE-2007-6245).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file\n (usually in a web browser), possibly leading to the execution of\n arbitrary code with the privileges of the user running the Adobe Flash\n Player. The attacker could also cause a user's machine to establish TCP\n sessions with arbitrary hosts, bypass the Security Sandbox Model,\n obtain sensitive information, port scan arbitrary hosts, or conduct\n cross-site-scripting attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-30\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200801-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-9.0.115.0'\n Please be advised that unaffected packages of the Adobe Flash Player\n have known problems when used from within the Konqueror and Opera\n browsers.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 9.0.115.0\"), vulnerable:make_list(\"lt 9.0.115.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:58", "bulletinFamily": "scanner", "description": "According to its version number, the instance of Flash Player on the\nremote Windows host is affected by multiple issues, including several\nwhich could allow for arbitrary code execution by means of a malicious\nSWF file.", "modified": "2018-07-11T00:00:00", "published": "2007-12-19T00:00:00", "id": "FLASH_PLAYER_APSB07-20.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29741", "title": "Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29741);\n script_version(\"1.24\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\",\n \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_bugtraq_id(25260, 26346, 26930, 26949, 26951, 26960, 26965, 26966, 26969);\n\n script_name(english:\"Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)\");\n script_summary(english:\"Checks version of Flash Player\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plugin that is affected by\nmultiple issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of Flash Player on the\nremote Windows host is affected by multiple issues, including several\nwhich could allow for arbitrary code execution by means of a malicious\nSWF file.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb07-20.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Flash Player version 9.0.115.0 / 7.0.73.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n exit(0);\n}\n\n#\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(0);\n\n\n# Identify vulnerable versions.\ninfo = \"\";\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n\n ver = vers[key];\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (iver[0] == 7 && iver[1] == 0 && iver[2] < 73) ||\n (iver[0] == 8 && iver[1] == 0 && iver[2] <= 35) ||\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 115)\n )\n {\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + ver + '\\n';\n }\n }\n }\n }\n}\n\n\nif (info)\n{\n report = string(\n \"\\n\",\n \"Nessus has identified the following vulnerable instance(s) of Flash\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:59", "bulletinFamily": "scanner", "description": "This flash player update to version 9.0.115.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 /\nCVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and\nMozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.", "modified": "2016-12-22T00:00:00", "published": "2007-12-24T00:00:00", "id": "SUSE_FLASH-PLAYER-4856.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29785", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29785);\n script_version (\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash player update to version 9.0.115.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 /\nCVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and\nMozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4324.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4768.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6244.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6245.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6246.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4856.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"flash-player-9.0.115.0-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:59", "bulletinFamily": "scanner", "description": "This flash player update to version 9.0.115.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242,\nCVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and\nMozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.", "modified": "2016-12-22T00:00:00", "published": "2007-12-24T00:00:00", "id": "SUSE_FLASH-PLAYER-4855.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29784", "title": "openSUSE 10 Security Update : flash-player (flash-player-4855)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-4855.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29784);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n\n script_name(english:\"openSUSE 10 Security Update : flash-player (flash-player-4855)\");\n script_summary(english:\"Check for the flash-player-4855 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash player update to version 9.0.115.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242,\nCVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and\nMozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"flash-player-9.0.115.0-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"flash-player-9.0.115.0-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"flash-player-9.0.115.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:41", "bulletinFamily": "scanner", "description": "An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player\ndisplays certain content. It may be possible to execute arbitrary code\non a victim's machine, if the victim opens a malicious Adobe Flash\nfile. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\n\nA flaw was found in the way Flash Player handled the asfunction:\nprotocol. Malformed SWF files could perform a cross-site scripting\nattack. (CVE-2007-6244)\n\nA flaw was found in the way Flash Player modified HTTP request\nheaders. Malicious content could allow Flash Player to conduct a HTTP\nresponse splitting attack. (CVE-2007-6245)\n\nA flaw was found in the way Flash Player processes certain SWF\ncontent. A malicious SWF file could allow a remote attacker to conduct\na port scanning attack from the client's machine. (CVE-2007-4324)\n\nA flaw was found in the way Flash Player establishes TCP sessions. A\nremote attacker could use Flash Player to conduct a DNS rebinding\nattack. (CVE-2007-5275)\n\nUsers of Adobe Flash Player are advised to upgrade to this updated\npackage, which contains version 9.0.115.0 and resolves these issues.", "modified": "2018-11-27T00:00:00", "published": "2009-08-24T00:00:00", "id": "REDHAT-RHSA-2007-1126.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40711", "title": "RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40711);\n script_version (\"1.35\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_bugtraq_id(25260, 26930, 26949, 26951, 26960, 26965, 26966, 26969);\n script_xref(name:\"RHSA\", value:\"2007:1126\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player\ndisplays certain content. It may be possible to execute arbitrary code\non a victim's machine, if the victim opens a malicious Adobe Flash\nfile. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\n\nA flaw was found in the way Flash Player handled the asfunction:\nprotocol. Malformed SWF files could perform a cross-site scripting\nattack. (CVE-2007-6244)\n\nA flaw was found in the way Flash Player modified HTTP request\nheaders. Malicious content could allow Flash Player to conduct a HTTP\nresponse splitting attack. (CVE-2007-6245)\n\nA flaw was found in the way Flash Player processes certain SWF\ncontent. A malicious SWF file could allow a remote attacker to conduct\na port scanning attack from the client's machine. (CVE-2007-4324)\n\nA flaw was found in the way Flash Player establishes TCP sessions. A\nremote attacker could use Flash Player to conduct a DNS rebinding\nattack. (CVE-2007-5275)\n\nUsers of Adobe Flash Player are advised to upgrade to this updated\npackage, which contains version 9.0.115.0 and resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6246\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb07-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb07-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1126\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"flash-plugin-9.0.115.0-1.el3.with.oss\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"flash-plugin-9.0.115.0-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-9.0.115.0-1.el5\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:30", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\r\nWeb browser plug-in.\r\n\r\nSeveral input validation flaws were found in the way Flash Player displays\r\ncertain content. It may be possible to execute arbitrary code on a victim's\r\nmachine, if the victim opens a malicious Adobe Flash file. \r\n(CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\r\n\r\nA flaw was found in the way Flash Player handled the asfunction: protocol.\r\nMalformed SWF files could perform a cross-site scripting attack.\r\n(CVE-2007-6244)\r\n\r\nA flaw was found in the way Flash Player modified HTTP request headers.\r\nMalicious content could allow Flash Player to conduct a HTTP response\r\nsplitting attack. (CVE-2007-6245)\r\n\r\nA flaw was found in the way Flash Player processes certain SWF content. A\r\nmalicious SWF file could allow a remote attacker to conduct a port scanning\r\nattack from the client's machine. (CVE-2007-4324)\r\n\r\nA flaw was found in the way Flash Player establishes TCP sessions. A remote\r\nattacker could use Flash Player to conduct a DNS rebinding attack.\r\n(CVE-2007-5275) \r\n\r\nUsers of Adobe Flash Player are advised to upgrade to this updated package,\r\nwhich contains version 9.0.115.0 and resolves these issues.", "modified": "2017-09-08T12:08:51", "published": "2007-12-18T05:00:00", "id": "RHSA-2007:1126", "href": "https://access.redhat.com/errata/RHSA-2007:1126", "type": "redhat", "title": "(RHSA-2007:1126) Critical: flash-plugin security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:51:41", "bulletinFamily": "unix", "description": "A flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted flash content.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2007-12-21T16:24:32", "published": "2007-12-21T16:24:32", "id": "SUSE-SA:2007:069", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:36", "bulletinFamily": "unix", "description": "\nAdobe Security bulletin:\n\nCritical vulnerabilities have been identified in Adobe Flash\n\t Player that could allow an attacker who successfully exploits these\n\t potential vulnerabilities to take control of the affected system. A\n\t malicious SWF must be loaded in Flash Player by the user for an\n\t attacker to exploit these potential vulnerabilities. Users are\n\t recommended to update to the most current version of Flash Player\n\t available for their platform.\n\n", "modified": "2007-12-18T00:00:00", "published": "2007-12-18T00:00:00", "id": "562CF6C4-B9F1-11DC-A302-000102CC8983", "href": "https://vuxml.freebsd.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
