ID CVE-2008-1655 Type cve Reporter NVD Modified 2017-09-28T21:30:48
Description
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
{"suse": [{"lastseen": "2016-09-04T12:13:40", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "9.0.124.0-0.2", "packageName": "flash-player", "packageFilename": "flash-player-9.0.124.0-0.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "9.0.124.0-0.1", "packageName": "flash-player", "packageFilename": "flash-player-9.0.124.0-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "9.0.124.0-0.1", "packageName": "flash-player", "packageFilename": "flash-player-9.0.124.0-0.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "The Adobe Flash Player was updated to version 9.0.124.0 to fix several security problems.", "edition": 1, "reporter": "Suse", "published": "2008-04-11T13:28:58", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote code execution in flash-player", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2008-04-11T13:28:58", "id": "SUSE-SA:2008:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-08T11:44:41", "references": [], "pluginID": "90018", "description": "The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655", "edition": 2, "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "published": "2008-09-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)", "type": "openvas", "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "modified": "2017-12-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=90018", "id": "OPENVAS:90018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: flash_player_CB-A08-0059.nasl 8024 2017-12-07 08:47:24Z teissa $\n# Description: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_impact = \"CVE 2007-5275\n The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause\n a victim machine to establish TCP sessions with arbitrary hosts via a\n Flash (SWF) movie, related to lack of pinning of a hostname to a single\n IP address after receiving an allow-access-from element in a\n cross-domain-policy XML document, and the availability of a Flash Socket\n class that does not use the browser's DNS pins, aka DNS rebinding attacks,\n a different issue than CVE-2002-1467 and CVE-2007-4324.\n CVE 2007-6019\n Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,\n allows remote attackers to execute arbitrary code via an SWF file with\n a modified DeclareFunction2 Actionscript tag, which prevents an object\n from being instantiated properly.\n CVE 2007-6243\n Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x\n up to 7.0.70.0 does not sufficiently restrict the interpretation and\n usage of cross-domain policy files, which makes it easier for remote\n attackers to conduct cross-domain and cross-site scripting (XSS) attacks.\n CVE 2007-6637\n Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash\n Player allow remote attackers to inject arbitrary web script or HTML\n via a crafted SWF file, related to 'pre-generated SWF files' and Adobe\n Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector\n is already covered by CVE-2007-6244.1.\n CVE 2008-1654\n Interaction error between Adobe Flash and multiple Universal Plug and Play\n (UPnP) services allow remote attackers to perform Cross-Site Request\n Forgery (CSRF) style attacks by using the Flash navigateToURL function\n to send a SOAP message to a UPnP control point, as demonstrated by changing\n the primary DNS server.\n CVE 2008-1655\n Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,\n and 8.0.39.0 and earlier, makes it easier for remote attackers to\n conduct DNS rebinding attacks via unknown vectors.\";\n\ntag_summary = \"The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655\";\n\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\";\n\n# $Revision: 8024 $\n\nif(description)\n{\n script_id(90018);\n script_version(\"$Revision: 8024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:47:24 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-03 22:30:27 +0200 (Wed, 03 Sep 2008)\");\n script_cve_id(\"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(28697, 28696, 27034, 26966, 28694, 26930);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n name = \"Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\";\n script_name(name);\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n family = \"General\";\n script_family(family);\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_require_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(!flashVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:flashVer, test_version:\"9,0,115,0\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:19:45", "references": ["2008-022"], "pluginID": "850000", "description": "Check for the Version of flash-player", "edition": 3, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-01-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "SuSE Update for flash-player SUSE-SA:2008:022", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850000", "id": "OPENVAS:850000", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_022.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for flash-player SUSE-SA:2008:022\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Adobe Flash Player was updated to version 9.0.124.0 to fix several\n security problems.\n\n In the worst case an attacker could potentially have flash-player\n execute arbitrary code via specially crafted files, for instance\n embedded in web pages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850000);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-022\");\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\", \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_name( \"SuSE Update for flash-player SUSE-SA:2008:022\");\n\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.124.0~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.124.0~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.124.0~0.1\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.124.0~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.124.0~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-04T13:39:46", "references": [], "pluginID": "136141256231090019", "description": "The remote host is probably affected by\n the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,\n CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.", "edition": 5, "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "published": "2008-09-03T00:00:00", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "modified": "2018-09-03T00:00:00", "id": "OPENVAS:136141256231090019", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: smbcl_flash_player_CB-A08-0059.nasl 11190 2018-09-03 11:25:15Z cfischer $\n# Description: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n# Modified to Implement based on 'smb_nt.inc'\n# - By Sharath S <sharaths@secpod.com> On 2009-09-14\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90019\");\n script_version(\"$Revision: 11190 $\");\n script_cve_id(\"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(26930, 28694, 26966, 27034, 28696, 28697);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-03 13:25:15 +0200 (Mon, 03 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-03 22:30:27 +0200 (Wed, 03 Sep 2008)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The remote host is probably affected by\n the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,\n CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"- CVE 2007-5275\n The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a\n victim machine to establish TCP sessions with arbitrary hosts via a Flash\n (SWF) movie, related to lack of pinning of a hostname to a single IP address\n after receiving an allow-access-from element in a cross-domain-policy XML\n document, and the availability of a Flash Socket class that does not use\n the browser's DNS pins, aka DNS rebinding attacks, a different issue than\n CVE-2002-1467 and CVE-2007-4324.\n\n - CVE 2007-6019\n Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows\n remote attackers to execute arbitrary code via an SWF file with a modified\n DeclareFunction2 Actionscript tag, which prevents an object from being\n instantiated properly.\n\n - CVE 2007-6243\n Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to\n 7.0.70.0 does not sufficiently restrict the interpretation and usage of\n cross-domain policy files, which makes it easier for remote attackers to\n conduct cross-domain and cross-site scripting (XSS) attacks.\n - CVE 2007-6637\n Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player\n allow remote attackers to inject arbitrary web script or HTML via a crafted\n SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or\n Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by\n CVE-2007-6244.1.\n\n - CVE 2008-1654\n Interaction error between Adobe Flash and multiple Universal Plug and Play\n (UPnP) services allow remote attackers to perform Cross-Site Request Forgery\n (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP\n message to a UPnP control point, as demonstrated by changing the primary DNS\n server.\n\n - CVE 2008-1655\n Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and\n 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS\n rebinding attacks via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 9.0.115.0\n and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should\n upgrade to the latest version: http://get.adobe.com/flashplayer\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less_equal(version:playerVer, test_version:\"9.0.115.0\")){\n report = 'Installed version: ' + playerVer;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:01", "references": [], "pluginID": "60821", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-21.", "edition": 2, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Gentoo Security Advisory GLSA 200804-21 (netscape-flash)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60821", "id": "OPENVAS:60821", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified, the worst of which allow\narbitrary code execution on a user's system via a malicious Flash file.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/netscape-flash-9.0.124.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-21\nhttp://bugs.gentoo.org/show_bug.cgi?id=204344\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-21.\";\n\n \n\nif(description)\n{\n script_id(60821);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\", \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200804-21 (netscape-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/netscape-flash\", unaffected: make_list(\"ge 9.0.124.0\"), vulnerable: make_list(\"lt 9.0.124.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-24T18:21:46", "references": [], "pluginID": "136141256231090018", "description": "The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655", "edition": 4, "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "published": "2008-09-03T00:00:00", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "modified": "2018-09-22T00:00:00", "id": "OPENVAS:136141256231090018", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: flash_player_CB-A08-0059.nasl 11555 2018-09-22 15:24:22Z cfischer $\n# Description: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n# $Revision: 11555 $\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90018\");\n script_version(\"$Revision: 11555 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 17:24:22 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-03 22:30:27 +0200 (Wed, 03 Sep 2008)\");\n script_cve_id(\"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(28697, 28696, 27034, 26966, 28694, 26930);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should upgrade to the latest version:\");\n script_tag(name:\"summary\", value:\"The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655\");\n script_tag(name:\"impact\", value:\"CVE 2007-5275\n The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause\n a victim machine to establish TCP sessions with arbitrary hosts via a\n Flash (SWF) movie, related to lack of pinning of a hostname to a single\n IP address after receiving an allow-access-from element in a\n cross-domain-policy XML document, and the availability of a Flash Socket\n class that does not use the browser's DNS pins, aka DNS rebinding attacks,\n a different issue than CVE-2002-1467 and CVE-2007-4324.\n CVE 2007-6019\n Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,\n allows remote attackers to execute arbitrary code via an SWF file with\n a modified DeclareFunction2 Actionscript tag, which prevents an object\n from being instantiated properly.\n CVE 2007-6243\n Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x\n up to 7.0.70.0 does not sufficiently restrict the interpretation and\n usage of cross-domain policy files, which makes it easier for remote\n attackers to conduct cross-domain and cross-site scripting (XSS) attacks.\n CVE 2007-6637\n Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash\n Player allow remote attackers to inject arbitrary web script or HTML\n via a crafted SWF file, related to 'pre-generated SWF files' and Adobe\n Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector\n is already covered by CVE-2007-6244.1.\n CVE 2008-1654\n Interaction error between Adobe Flash and multiple Universal Plug and Play\n (UPnP) services allow remote attackers to perform Cross-Site Request\n Forgery (CSRF) style attacks by using the Flash navigateToURL function\n to send a SOAP message to a UPnP control point, as demonstrated by changing\n the primary DNS server.\n CVE 2008-1655\n Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,\n and 8.0.39.0 and earlier, makes it easier for remote attackers to\n conduct DNS rebinding attacks via unknown vectors.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(!flashVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:flashVer, test_version:\"9,0,115,0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:02", "references": [], "pluginID": "102031", "description": "The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003.\n One or more of the following components are affected:\n\n AFP Server\n Apache\n AppKit\n Apple Pixlet Video\n ATS\n CFNetwork\n CoreFoundation\n CoreGraphics\n CoreTypes\n CUPS\n Flash Player Plug-in\n Help Viewer\n iCal\n International Components for Unicode\n Image Capture\n Image Capture\n ImageIO\n Kernel\n LoginWindow\n Mail\n ruby\n Single Sign-On\n Wiki Server", "edition": 1, "reporter": "Copyright (C) 2010 LSS", "published": "2010-05-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003", "type": "openvas", "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2007-6637", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6243", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "modified": "2017-02-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=102031", "id": "OPENVAS:102031", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003\n#\n# LSS-NVT-2010-020\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT1897\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003.\n One or more of the following components are affected:\n\n AFP Server\n Apache\n AppKit\n Apple Pixlet Video\n ATS\n CFNetwork\n CoreFoundation\n CoreGraphics\n CoreTypes\n CUPS\n Flash Player Plug-in\n Help Viewer\n iCal\n International Components for Unicode\n Image Capture\n Image Capture\n ImageIO\n Kernel\n LoginWindow\n Mail\n ruby\n Single Sign-On\n Wiki Server\";\n\n\nif(description)\n{\n script_id(102031);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-1027\",\"CVE-2005-3352\",\"CVE-2005-3357\",\"CVE-2006-3747\",\"CVE-2007-1863\",\"CVE-2007-3847\",\"CVE-2007-4465\",\"CVE-2007-5000\",\"CVE-2007-6388\",\"CVE-2008-1028\",\"CVE-2008-1577\",\"CVE-2008-1575\",\"CVE-2008-1580\",\"CVE-2008-1030\",\"CVE-2008-1031\",\"CVE-2008-1032\",\"CVE-2008-1033\",\"CVE-2007-5275\",\"CVE-2007-6243\",\"CVE-2007-6637\",\"CVE-2007-6019\",\"CVE-2007-0071\",\"CVE-2008-1655\",\"CVE-2008-1654\",\"CVE-2008-1034\",\"CVE-2008-1035\",\"CVE-2008-1036\",\"CVE-2008-1571\",\"CVE-2008-1572\",\"CVE-2008-1573\",\"CVE-2007-5266\",\"CVE-2007-5268\",\"CVE-2007-5269\",\"CVE-2008-1574\",\"CVE-2008-0177\",\"CVE-2007-6359\",\"CVE-2008-1576\",\"CVE-2007-6612\",\"CVE-2008-1578\",\"CVE-2008-1579\");\n script_name(\"Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.2\",\"Mac OS X Server 10.5.2\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.003\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.003\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.3\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.3\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:11", "references": ["http://support.apple.com/kb/HT1897"], "pluginID": "1361412562310102031", "description": "The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003.", "edition": 4, "reporter": "Copyright (C) 2010 LSS", "published": "2010-05-12T00:00:00", "title": "Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2007-6637", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6243", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "modified": "2018-06-06T00:00:00", "id": "OPENVAS:1361412562310102031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102031", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_5_3_secupd_2008-003.nasl 10090 2018-06-06 08:06:04Z cfischer $\n#\n# Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003\n#\n# LSS-NVT-2010-020\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102031\");\n script_version(\"$Revision: 10090 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-06 10:06:04 +0200 (Wed, 06 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-1027\", \"CVE-2005-3352\", \"CVE-2005-3357\", \"CVE-2006-3747\", \"CVE-2007-1863\",\n \"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-1028\",\n \"CVE-2008-1577\", \"CVE-2008-1575\", \"CVE-2008-1580\", \"CVE-2008-1030\", \"CVE-2008-1031\",\n \"CVE-2008-1032\", \"CVE-2008-1033\", \"CVE-2007-5275\", \"CVE-2007-6243\", \"CVE-2007-6637\",\n \"CVE-2007-6019\", \"CVE-2007-0071\", \"CVE-2008-1655\", \"CVE-2008-1654\", \"CVE-2008-1034\",\n \"CVE-2008-1035\", \"CVE-2008-1036\", \"CVE-2008-1571\", \"CVE-2008-1572\", \"CVE-2008-1573\",\n \"CVE-2007-5266\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2008-1574\", \"CVE-2008-0177\",\n \"CVE-2007-6359\", \"CVE-2008-1576\", \"CVE-2007-6612\", \"CVE-2008-1578\", \"CVE-2008-1579\");\n script_name(\"Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1897\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AFP Server\n\n Apache\n\n AppKit\n\n Apple Pixlet Video\n\n ATS\n\n CFNetwork\n\n CoreFoundation\n\n CoreGraphics\n\n CoreTypes\n\n CUPS\n\n Flash Player Plug-in\n\n Help Viewer\n\n iCal\n\n International Components for Unicode\n\n Image Capture\n\n Image Capture\n\n ImageIO\n\n Kernel\n\n LoginWindow\n\n Mail\n\n ruby\n\n Single Sign-On\n\n Wiki Server\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT1897\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.2\",\"Mac OS X Server 10.5.2\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.003\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.003\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.3\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.3\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:47:10", "references": ["https://security.gentoo.org/glsa/200804-21"], "pluginID": "32014", "description": "The remote host is affected by the vulnerability described in GLSA-200804-21 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash:\n Secunia Research and Zero Day Initiative reported a boundary error related to DeclareFunction2 Actionscript tags in SWF files (CVE-2007-6019).\n The ISS X-Force and the Zero Day Initiative reported an unspecified input validation error that might lead to a buffer overflow (CVE-2007-0071).\n Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy files are not checked before sending HTTP headers to another domain (CVE-2008-1654) and that it does not sufficiently restrict the interpretation and usage of cross-domain policy files (CVE-2007-6243).\n The Stanford University and Ernst and Young's Advanced Security Center reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275, CVE-2008-1655).\n The Google Security Team and Minded Security Multiple reported multiple cross-site scripting vulnerabilities when passing input to Flash functions (CVE-2007-6637).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.\n Workaround :\n\n There is no known workaround at this time.", "edition": 6, "reporter": "Tenable", "published": "2008-04-22T00:00:00", "title": "GLSA-200804-21 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-200804-21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-21.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32014);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\", \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(26930, 26966, 27034, 28694, 28695, 28696, 28697);\n script_xref(name:\"GLSA\", value:\"200804-21\");\n\n script_name(english:\"GLSA-200804-21 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-21\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash:\n Secunia Research and Zero Day Initiative reported a boundary error\n related to DeclareFunction2 Actionscript tags in SWF files\n (CVE-2007-6019).\n The ISS X-Force and the Zero Day Initiative reported an unspecified\n input validation error that might lead to a buffer overflow\n (CVE-2007-0071).\n Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy\n files are not checked before sending HTTP headers to another domain\n (CVE-2008-1654) and that it does not sufficiently restrict the\n interpretation and usage of cross-domain policy files (CVE-2007-6243).\n The Stanford University and Ernst and Young's Advanced Security Center\n reported that Flash does not pin DNS hostnames to a single IP\n addresses, allowing for DNS rebinding attacks (CVE-2007-5275,\n CVE-2008-1655).\n The Google Security Team and Minded Security Multiple reported multiple\n cross-site scripting vulnerabilities when passing input to Flash\n functions (CVE-2007-6637).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file\n (usually in a web browser), possibly leading to the execution of\n arbitrary code with the privileges of the user running the Adobe Flash\n Player. The attacker could also cause a user's machine to send HTTP\n requests to other hosts, establish TCP sessions with arbitrary hosts,\n bypass the security sandbox model, or conduct Cross-Site Scripting and\n Cross-Site Request Forgery attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-9.0.124.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 9.0.124.0\"), vulnerable:make_list(\"lt 9.0.124.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:40", "references": ["http://www.adobe.com/support/security/bulletins/apsb08-11.html"], "pluginID": "31799", "description": "According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several that could allow for arbitrary code execution.", "edition": 7, "reporter": "Tenable", "published": "2008-04-10T00:00:00", "title": "Flash Player < 8.0.42.0 / 9.0.124.0 Multiple Vulnerabilities (APSB08-11)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB08-11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31799);\n script_version(\"1.25\");\n\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(26930, 26966, 27034, 28694, 28695, 28696, 28697);\n script_xref(name:\"Secunia\", value:\"28083\");\n\n script_name(english:\"Flash Player < 8.0.42.0 / 9.0.124.0 Multiple Vulnerabilities (APSB08-11)\");\n script_summary(english:\"Checks version of Flash Player\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plugin that is affected by\nmultiple issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of Flash Player on the\nremote Windows host is affected by multiple issues, including several\nthat could allow for arbitrary code execution.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb08-11.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Flash Player version 9.0.124.0 / 8.0.42.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 352);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/19\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n exit(0);\n}\n\n#\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(0);\n\n\n# Identify vulnerable versions.\ninfo = \"\";\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n\n ver = vers[key];\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (iver[0] == 8 && iver[1] == 0 && iver[2] < 42) ||\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 124)\n )\n {\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + ver + '\\n';\n }\n }\n }\n }\n}\n\n\nif (info)\n{\n report = string(\n \"\\n\",\n \"Nessus has identified the following vulnerable instance(s) of Flash\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:31", "references": ["http://support.novell.com/security/cve/CVE-2007-6637.html", "http://support.novell.com/security/cve/CVE-2007-5275.html", "http://support.novell.com/security/cve/CVE-2007-6243.html", "http://support.novell.com/security/cve/CVE-2008-1655.html", "http://support.novell.com/security/cve/CVE-2007-0071.html", "http://support.novell.com/security/cve/CVE-2008-1654.html", "http://support.novell.com/security/cve/CVE-2007-6019.html"], "pluginID": "31964", "description": "This flash player update to version 9.0.124.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-5275 / CVE-2007-6243 / CVE-2007-6637 / CVE-2007-6019 / CVE-2007-0071 / CVE-2008-1655 / CVE-2008-1654)", "edition": 5, "reporter": "Tenable", "published": "2008-04-17T00:00:00", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 5159)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-5159.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31964", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31964);\n script_version (\"$Revision: 1.24 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\", \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 5159)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash player update to version 9.0.124.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-5275 / CVE-2007-6243 / CVE-2007-6637 / CVE-2007-6019 /\nCVE-2007-0071 / CVE-2008-1655 / CVE-2008-1654)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6637.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1655.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5159.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"flash-player-9.0.124.0-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:07:15", "references": ["https://www.redhat.com/security/data/cve/CVE-2008-1655.html", "https://www.redhat.com/security/data/cve/CVE-2007-0071.html", "https://www.redhat.com/security/data/cve/CVE-2007-5275.html", "https://www.redhat.com/security/data/cve/CVE-2008-1654.html", "https://www.redhat.com/security/data/cve/CVE-2007-6019.html", "https://access.redhat.com/errata/RHSA-2008:0221", "https://www.redhat.com/security/data/cve/CVE-2008-3872.html", "https://www.redhat.com/security/data/cve/CVE-2007-6637.html", "https://www.redhat.com/security/data/cve/CVE-2007-6243.html"], "pluginID": "40719", "description": "An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player displayed certain content. These may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file. (CVE-2007-0071, CVE-2007-6019)\n\nA flaw was found in the way Flash Player established TCP sessions to remote hosts. A remote attacker could, consequently, use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)\n\nA flaw was found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks.\n(CVE-2007-6243, CVE-2008-1654)\n\nA flaw was found in the way Flash Player interacted with web browsers.\nAn attacker could use malicious content presented by Flash Player to conduct a cross-site scripting attack. (CVE-2007-6637)\n\nAll users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 9.0.124.0 and resolves these issues.", "edition": 7, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:0221)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-3872", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5.1", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0221.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0221. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40719);\n script_version (\"1.37\");\n script_cvs_date(\"Date: 2018/11/10 11:49:49\");\n\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\", \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\", \"CVE-2008-3872\");\n script_bugtraq_id(26930, 26966, 27034, 28694, 28695, 28696, 28697);\n script_xref(name:\"RHSA\", value:\"2008:0221\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:0221)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes several security\nissues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player\ndisplayed certain content. These may have made it possible to execute\narbitrary code on a victim's machine, if the victim opened a malicious\nAdobe Flash file. (CVE-2007-0071, CVE-2007-6019)\n\nA flaw was found in the way Flash Player established TCP sessions to\nremote hosts. A remote attacker could, consequently, use Flash Player\nto conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)\n\nA flaw was found in the way Flash Player restricted the interpretation\nand usage of cross-domain policy files. A remote attacker could use\nFlash Player to conduct cross-domain and cross-site scripting attacks.\n(CVE-2007-6243, CVE-2008-1654)\n\nA flaw was found in the way Flash Player interacted with web browsers.\nAn attacker could use malicious content presented by Flash Player to\nconduct a cross-site scripting attack. (CVE-2007-6637)\n\nAll users of Adobe Flash Player should upgrade to this updated\npackage, which contains Flash Player version 9.0.124.0 and resolves\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-0071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-5275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6637.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-1654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-1655.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0221\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 264, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0221\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"flash-plugin-9.0.124.0-1.el3.with.oss\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"flash-plugin-9.0.124.0-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-9.0.124.0-1.el5\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:25", "references": [], "pluginID": "31965", "description": "This flash player update to version 9.0.124.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-5275, CVE-2007-6243, CVE-2007-6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654)", "edition": 5, "reporter": "Tenable", "published": "2008-04-17T00:00:00", "title": "openSUSE 10 Security Update : flash-player (flash-player-5161)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_FLASH-PLAYER-5161.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31965", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-5161.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31965);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2007-0071\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\", \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n\n script_name(english:\"openSUSE 10 Security Update : flash-player (flash-player-5161)\");\n script_summary(english:\"Check for the flash-player-5161 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash player update to version 9.0.124.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-5275, CVE-2007-6243, CVE-2007-6637, CVE-2007-6019,\nCVE-2007-0071, CVE-2008-1655, CVE-2008-1654)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"flash-player-9.0.124.0-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"flash-player-9.0.124.0-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"flash-player-9.0.124.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:45", "references": ["http://lists.apple.com/archives/security-announce/2008/May/msg00001.html", "http://support.apple.com/kb/HT1897", "http://www.securityfocus.com/advisories/14755"], "pluginID": "32478", "description": "The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. \n\nThis update contains security fixes for a number of programs.", "edition": 8, "reporter": "Tenable", "published": "2008-05-29T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-003)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2008-003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32478", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32478);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\", \"CVE-2006-3747\", \"CVE-2007-0071\", \"CVE-2007-1863\",\n \"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-5266\", \"CVE-2007-5268\",\n \"CVE-2007-5269\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6359\", \"CVE-2007-6388\",\n \"CVE-2007-6612\", \"CVE-2008-0177\", \"CVE-2008-1027\", \"CVE-2008-1028\", \"CVE-2008-1030\",\n \"CVE-2008-1031\", \"CVE-2008-1032\", \"CVE-2008-1033\", \"CVE-2008-1034\", \"CVE-2008-1035\",\n \"CVE-2008-1036\", \"CVE-2008-1571\", \"CVE-2008-1572\", \"CVE-2008-1573\", \"CVE-2008-1574\",\n \"CVE-2008-1575\", \"CVE-2008-1576\", \"CVE-2008-1577\", \"CVE-2008-1578\", \"CVE-2008-1579\",\n \"CVE-2008-1580\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(\"15834\", \"25489\", \"25957\", \"26840\", \"26930\", \"27133\", \"27642\", \"28694\", \"29480\",\n \"29481\", \"29483\", \"29484\", \"29486\", \"29487\", \"29488\", \"29489\", \"29490\", \"29491\",\n \"29492\", \"29493\", \"29500\", \"29501\", \"29511\", \"29513\", \"29514\", \"29520\", \"29521\");\n script_xref(name:\"Secunia\", value:\"30430\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-003)\");\n script_summary(english:\"Check for the presence of Security Update 2008-003\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 that does not\nhave the security update 2008-003 applied. \n\nThis update contains security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT1897\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/May/msg00001.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/14755\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-003 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Module mod_rewrite LDAP Protocol Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 79, 94, 119, 189, 200, 264, 352, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/05/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/05/28\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[3-8]|2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:43", "references": ["http://lists.apple.com/archives/security-announce/2008/May/msg00001.html", "http://support.apple.com/kb/HT1897", "http://www.securityfocus.com/advisories/14755"], "pluginID": "32477", "description": "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. \n\nMac OS X 10.5.3 contains security fixes for a number of programs.", "edition": 8, "reporter": "Tenable", "published": "2008-05-29T00:00:00", "title": "Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_5_3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32477);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\", \"CVE-2006-3747\", \"CVE-2007-0071\", \"CVE-2007-1863\",\n \"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-5266\", \"CVE-2007-5268\",\n \"CVE-2007-5269\", \"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6359\", \"CVE-2007-6388\",\n \"CVE-2007-6612\", \"CVE-2008-0177\", \"CVE-2008-1027\", \"CVE-2008-1028\", \"CVE-2008-1030\",\n \"CVE-2008-1031\", \"CVE-2008-1032\", \"CVE-2008-1033\", \"CVE-2008-1034\", \"CVE-2008-1035\",\n \"CVE-2008-1036\", \"CVE-2008-1571\", \"CVE-2008-1572\", \"CVE-2008-1573\", \"CVE-2008-1574\",\n \"CVE-2008-1575\", \"CVE-2008-1576\", \"CVE-2008-1577\", \"CVE-2008-1578\", \"CVE-2008-1579\",\n \"CVE-2008-1580\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(\"15834\", \"25489\", \"25957\", \"26840\", \"26930\", \"27133\", \"27642\", \"28633\",\n \"28694\", \"29480\", \"29481\", \"29483\", \"29484\", \"29486\", \"29487\", \"29488\",\n \"29489\", \"29490\", \"29491\", \"29492\", \"29493\", \"29500\", \"29501\", \"29511\",\n \"29513\", \"29514\", \"29520\", \"29521\");\n script_xref(name:\"Secunia\", value:\"30430\");\n\n script_name(english:\"Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5.x that is prior\nto 10.5.3. \n\nMac OS X 10.5.3 contains security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT1897\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/May/msg00001.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/14755\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.5.3 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Module mod_rewrite LDAP Protocol Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 79, 94, 119, 189, 200, 264, 352, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/05/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/05/28\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) os = get_kb_item(\"Host/OS\");\nif (!os) exit(0);\n\nif (ereg(pattern:\"Mac OS X 10\\.5\\.[0-2]([^0-9]|$)\", string:os)) security_hole(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:20:25", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.0.124.0-1.el5", "packageName": "flash-plugin", "packageFilename": "flash-plugin-9.0.124.0-1.el5.i386.rpm", "arch": "i386", "operator": "lt"}], "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\r\nWeb browser plug-in.\r\n\r\nSeveral input validation flaws were found in the way Flash Player displayed\r\ncertain content. These may have made it possible to execute arbitrary code\r\non a victim's machine, if the victim opened a malicious Adobe Flash file.\r\n(CVE-2007-0071, CVE-2007-6019)\r\n\r\nA flaw was found in the way Flash Player established TCP sessions to remote\r\nhosts. A remote attacker could, consequently, use Flash Player to conduct a\r\nDNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)\r\n\r\nA flaw was found in the way Flash Player restricted the interpretation and\r\nusage of cross-domain policy files. A remote attacker could use Flash\r\nPlayer to conduct cross-domain and cross-site scripting attacks.\r\n(CVE-2007-6243, CVE-2008-1654)\r\n\r\nA flaw was found in the way Flash Player interacted with web browsers. An\r\nattacker could use malicious content presented by Flash Player to conduct a\r\ncross-site scripting attack. (CVE-2007-6637)\r\n\r\nAll users of Adobe Flash Player should upgrade to this updated package,\r\nwhich contains Flash Player version 9.0.124.0 and resolves these issues.", "reporter": "RedHat", "published": "2008-04-08T04:00:00", "type": "redhat", "title": "(RHSA-2008:0221) Critical: flash-plugin security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-0071", "CVE-2007-5275", "CVE-2007-6019", "CVE-2007-6243", "CVE-2007-6637", "CVE-2008-1654", "CVE-2008-1655", "CVE-2008-3872"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:19:52", "id": "RHSA-2008:0221", "href": "https://access.redhat.com/errata/RHSA-2008:0221", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:43:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 27034,28695,26966,28697,26930,28696,28694\r\nCVE(CAN) ID: CVE-2007-5275,CVE-2007-6243,CVE-2007-6637,CVE-2007-6019,CVE-2007-0071,CVE-2008-1655,CVE-2008-1654\r\n\r\nFlash Player\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684FLASH\u64ad\u653e\u5668\u3002\r\n\r\nFlash Player 9.0.124.0\u7248\u672c\u4fee\u590d\u4e86\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6267\u884c\u8de8\u7ad9\u811a\u672c\u6216\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\uff0c\u5177\u4f53\u5305\u62ec\uff1a\r\n\r\n1) \u5904\u7406Declare Function (V7)\u6807\u7b7e\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff1b\r\n\r\n2) \u5904\u7406\u591a\u5a92\u4f53\u6587\u4ef6\u65f6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff1b\r\n\r\n3) \u5728\u5c06\u4e3b\u673a\u540d\u7ed1\u5b9a\u5230IP\u5730\u5740\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4DNS\u91cd\u65b0\u7ed1\u5b9a\u653b\u51fb\uff1b \r\n\r\n4) \u5728\u53d1\u9001HTTP\u5934\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u7ed5\u8fc7\u8de8\u57df\u7b56\u7565\u6587\u4ef6\uff1b\r\n\r\n5) \u5f3a\u5236\u8de8\u57df\u7b56\u7565\u6587\u4ef6\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5728\u627f\u8f7d\u8be5\u6587\u4ef6\u7684Web\u670d\u52a1\u5668\u4e0a\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\uff1b\r\n\r\n6) \u5728\u5904\u7406asfunction:\u534f\u8bae\u65f6\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u5bf9\u67d0\u4e9b\u53c2\u6570\u7684\u8f93\u5165\u4fbf\u5c06\u5176\u8fd4\u56de\u7ed9\u4e86\u7528\u6237\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6ce8\u5165\u4efb\u610fHTML\u548c\u811a\u672c\u4ee3\u7801\u3002\r\n\n\nAdobe Flash Player < 9.0.115.0\n Adobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.adobe.com/go/getflash target=_blank>http://www.adobe.com/go/getflash</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0221-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0221-01\uff1aCritical: flash-plugin security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0221.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0221.html</a>", "reporter": "Root", "published": "2008-04-11T00:00:00", "type": "seebug", "title": "Adobe Flash Player 9.0.124.0\u7248\u672c\u4fee\u6539\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0071", "CVE-2007-5275", "CVE-2007-6019", "CVE-2007-6243", "CVE-2007-6637", "CVE-2008-1654", "CVE-2008-1655"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3150", "id": "SSV:3150", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "details"}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637", "https://bugs.gentoo.org/show_bug.cgi?id=204344", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "9.0.124.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-plugins/adobe-flash", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash: \n\n * Secunia Research and Zero Day Initiative reported a boundary error related to DeclareFunction2 Actionscript tags in SWF files (CVE-2007-6019). \n * The ISS X-Force and the Zero Day Initiative reported an unspecified input validation error that might lead to a buffer overflow (CVE-2007-0071). \n * Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy files are not checked before sending HTTP headers to another domain (CVE-2008-1654) and that it does not sufficiently restrict the interpretation and usage of cross-domain policy files (CVE-2007-6243). \n * The Stanford University and Ernst and Young's Advanced Security Center reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275, CVE-2008-1655). \n * The Google Security Team and Minded Security Multiple reported multiple cross-site scripting vulnerabilities when passing input to Flash functions (CVE-2007-6637). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-9.0.124.0\"", "reporter": "Gentoo Foundation", "published": "2008-04-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2009-05-28T00:00:00", "id": "GLSA-200804-21", "href": "https://security.gentoo.org/glsa/200804-21", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:29", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19631", "https://vulners.com/securityvulns/securityvulns:doc:19611", "https://vulners.com/securityvulns/securityvulns:doc:19610"], "description": "Code execution, crossite scripting, request spoofing.", "edition": 1, "reporter": "CERT", "published": "2008-04-14T00:00:00", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:29", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Flash Player", "version": "9.0", "operator": "eq"}, {"name": "Flash Player", "version": "8.0", "operator": "eq"}], "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "modified": "2008-04-14T00:00:00", "id": "SECURITYVULNS:VULN:8886", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8886", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:26", "references": [], "description": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3\r\n\r\n * Last Modified: May 28, 2008\r\n * Article: HT1897\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nSecurity\r\nSecurity Update 2008-003 / Mac OS X v10.5.3\r\n\r\n * AFP Server\r\n\r\n CVE-ID: CVE-2008-1027\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Files that are not designated for sharing may be accessed remotely\r\n\r\n Description: AFP Server did not check that a file or directory to be served was inside a folder designated for sharing. A connected user or guest may access any files or folders for which they have permission, even if not contained in folders designated for sharing. This update addresses the issue by denying access to files and folders that are not inside a folder designated for sharing. Credit to Alex deVries and Robert Rich for reporting this issue.\r\n\r\n * Apache\r\n\r\n CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388\r\n\r\n Available for: Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.0.55\r\n\r\n Description: Apache is updated to version 2.0.63 to address several vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the Apache web site at http://httpd.apache.org. Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and Mac OS X Server v10.5.2.\r\n\r\n * AppKit\r\n\r\n CVE-ID: CVE-2008-1028\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Opening a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An implementation issue exists in AppKit's processing of document files. Opening a maliciously crafted file in an editor that uses AppKit, such as TextEdit, may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of document files. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Rosyna of Unsanity for reporting this issue.\r\n\r\n * Apple Pixlet Video\r\n\r\n CVE-ID: CVE-2008-1577\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of files using the Pixlet codec. Opening a maliciously crafted movie file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n * ATS\r\n\r\n CVE-ID: CVE-2008-1575\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing a PDF document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the Apple Type Services server's handling of embedded fonts in PDF files. Printing a PDF document containing a maliciously crafted font may lead to arbitrary code execution. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Melissa O'Neill of Harvey Mudd College for reporting this issue.\r\n\r\n * CFNetwork\r\n\r\n CVE-ID: CVE-2008-1580\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information\r\n\r\n Description: An information disclosure issue exists in Safari's SSL client certificate handling. When a web server issues a client certificate request, the first client certificate found in the keychain is automatically sent, which may lead to the disclosure of the information contained in the certificate. This update addresses the issue by prompting the user before sending the certificate.\r\n\r\n * CoreFoundation\r\n\r\n CVE-ID: CVE-2008-1030\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Applications' use of the CFData API in certain ways may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in CoreFoundation's handling of CFData objects may result in a heap buffer overflow. An application calling CFDataReplaceBytes with an with invalid length argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issue by performing additional validation of length parameters.\r\n\r\n * CoreGraphics\r\n\r\n CVE-ID: CVE-2008-1031\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized variable issue exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of pointers.\r\n\r\n * CoreTypes\r\n\r\n CVE-ID: CVE-2008-1032\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling content types used by Automator, Help, Safari, and Terminal. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n * CUPS\r\n\r\n CVE-ID: CVE-2008-1033\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information\r\n\r\n Description: An issue exists in the CUPS scheduler's check of the authentication environment variables when debug logging is enabled. This may lead to the disclosure of the username, domain, and password when printing to a password-protected printer. This update addresses the issue by properly validating environment variables. This issue does not affect systems prior to Mac OS X v10.5 with Security Update 2008-002 installed.\r\n\r\n * Flash Player Plug-in\r\n\r\n CVE-ID: CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening maliciously crafted Flash content may lead to arbitrary code execution\r\n\r\n Description: Multiple issues exist in Adobe Flash Player Plug-in, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 9.0.124.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-11.html\r\n\r\n * Help Viewer\r\n\r\n CVE-ID: CVE-2008-1034\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A malicious help:topic URL may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Paul Haddad of PTH Consulting for reporting this issue.\r\n\r\n * iCal\r\n\r\n CVE-ID: CVE-2008-1035\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use-after-free issue exists in the iCal application's handling of iCalendar (usually ".ics") files. Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by improving reference counting in the affected code. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rodrigo Carvalho of Core Security Technologies for reporting this issue.\r\n\r\n * International Components for Unicode\r\n\r\n CVE-ID: CVE-2008-1036\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting certain web sites may result in the disclosure of sensitive information\r\n\r\n Description: A conversion issue exists in ICU's handling of certain character encodings. Particular invalid character sequences may not appear in the converted output, and this can affect content filters. Visiting a maliciously crafted web site may lead to cross site scripting and the disclosure of sensitive information. This update addresses the issue by replacing invalid character sequences with a fallback character.\r\n\r\n * Image Capture\r\n\r\n CVE-ID: CVE-2008-1571\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Accessing a maliciously crafted URL may lead to information disclosure\r\n\r\n Description: A path traversal issue exists in Image Capture's embedded web server. This may lead to the disclosure of local files on the server system. This update addresses the issue through improved URL handling. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * Image Capture\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1572\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A local user may manipulate files with the privileges of another user running Image Capture\r\n\r\n Description: An insecure file operation exists in Image Capture's handling of temporary files. This could allow a local user to overwrite files with the privileges of another user running Image Capture, or to access the contents of images being resized. This update addresses the issue through improved handling of temporary files. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1573\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted BMP or GIF image may lead to information disclosure\r\n\r\n Description: An out-of-bounds memory read may occur in the BMP and GIF image decoding engine, which may lead to the disclosure of content in memory. This update addresses the issue by performing additional validation of BMP and GIF images. Credit to Gynvael Coldwind of Hispasec for reporting this issue.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.18\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.18, the most serious of which may lead to a remote denial of service. This update addresses the issue by updating to version 1.2.24. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1574\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in the handling of JPEG2000 image files may result in a heap buffer overflow. Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of JPEG2000 images.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-0177\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to cause to an unexpected system shutdown\r\n\r\n Description: An undetected failure condition exists in the handling of packets with an IPComp header. By sending a maliciously crafted packet to a system configured to use IPSec or IPv6, an attacker may cause an unexpected system shutdown. This update addresses the issue by properly detecting the failure condition.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6359\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A local user may be able to cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference exists in the kernel's handling of code signatures in the cs_validate_page function. This may allow a local user to cause an unexpected system shutdown. This update addresses the issue by performing additional validation of code signatures. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n * LoginWindow\r\n\r\n \r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Managed Client preferences may not be applied\r\n\r\n Description: This update addresses a non-security issue introduced in Security Update 2007-004. Due to a race condition, LoginWindow may fail to apply certain preferences to fail on systems managed by Managed Client for Mac OS X (MCX). This update addresses the issue by eliminating the race condition in the handling of managed preferences. This issue does not affect systems running Mac OS X v10.5.\r\n\r\n * Mail\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1576\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Sending mail through an SMTP server over IPv6 may lead to an unexpected application termination, information disclosure, or arbitrary code execution\r\n\r\n Description: An uninitialized buffer issue exists in Mail. When sending mail through an SMTP server over IPv6, Mail may use a buffer containing partially uninitialized memory, which could result in the disclosure of sensitive information to message recipients and mail server administrators. This could also potentially lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by properly initializing the variable. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Derek Morr of The Pennsylvania State University for reporting this issue.\r\n\r\n * ruby\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6612\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to read arbitrary files\r\n\r\n Description: Mongrel is updated to version 1.1.4 to address a directory traversal issue in DirHandler which may lead to the disclosure of sensitive information. Further information is available via the Mongrel web site at http://mongrel.rubyforge.org\r\n\r\n * Single Sign-On\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1578\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Passwords supplied to sso_util are exposed to other local users\r\n\r\n Description: The sso_util command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users, administrators, and the KDC administration password. This update makes the password parameter optional, and sso_util will prompt for the password if needed. Credit to Geoff Franks of Hauptman Woodward Institute for reporting this issue.\r\n\r\n * Wiki Server\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1579\r\n\r\n Available for: Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may determine valid user names on servers with the Wiki Server enabled\r\n\r\n Description: An information disclosure issue exists in Wiki Server when a nonexistent blog is accessed. Using the information in the error message, an attacker may deduce the existence of local user names. This update addresses the issue through improved handling of error messages. This issue does not affect systems prior to Mac OS X v10.5. Credit to Don Rainwater of the University of Cincinnati for reporting this issue.\r\n\r\n \r\n\r\nImportant: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.", "edition": 1, "reporter": "Securityvulns", "published": "2008-05-30T00:00:00", "title": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "modified": "2008-05-30T00:00:00", "id": "SECURITYVULNS:DOC:19937", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19937", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
