Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 Tenable Network Security, Inc.GENTOO_GLSA-201508-01.NASL
HistorySep 23, 2015 - 12:00 a.m.

GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities

2015-09-2300:00:00
This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.
www.tenable.com
17
JSON

The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
  Please review the CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201508-01.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86089);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/22");

  script_cve_id(
    "CVE-2015-3107",
    "CVE-2015-5122",
    "CVE-2015-5123",
    "CVE-2015-5124",
    "CVE-2015-5125",
    "CVE-2015-5127",
    "CVE-2015-5129",
    "CVE-2015-5130",
    "CVE-2015-5131",
    "CVE-2015-5132",
    "CVE-2015-5133",
    "CVE-2015-5134",
    "CVE-2015-5539",
    "CVE-2015-5540",
    "CVE-2015-5541",
    "CVE-2015-5544",
    "CVE-2015-5545",
    "CVE-2015-5546",
    "CVE-2015-5547",
    "CVE-2015-5548",
    "CVE-2015-5549",
    "CVE-2015-5550",
    "CVE-2015-5551",
    "CVE-2015-5552",
    "CVE-2015-5553",
    "CVE-2015-5554",
    "CVE-2015-5555",
    "CVE-2015-5556",
    "CVE-2015-5557",
    "CVE-2015-5558",
    "CVE-2015-5559",
    "CVE-2015-5560",
    "CVE-2015-5561",
    "CVE-2015-5562",
    "CVE-2015-5563",
    "CVE-2015-5564",
    "CVE-2015-5965"
  );
  script_xref(name:"GLSA", value:"201508-01");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");

  script_name(english:"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201508-01
(Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could possibly execute arbitrary code with the
      privileges of the process, cause a Denial of Service condition, obtain
      sensitive information, or bypass security restrictions.
  
Workaround :

    There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201508-01");
  script_set_attribute(attribute:"solution", value:
"All Adobe Flash Player users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-plugins/adobe-flash-11.2.202.508'");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash opaqueBackground Use After Free');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 11.2.202.508"), vulnerable:make_list("lt 11.2.202.508"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
}
VendorProductVersionCPE
gentoolinuxadobe-flashp-cpe:/a:gentoo:linux:adobe-flash
gentoolinuxcpe:/o:gentoo:linux

References

Related

nessus 28
gentoo 1
openvas 13
suse 8
mageia 2
altlinux 6
freebsd 2
redhat 2
prion 32
ubuntucve 33
cvelist 33
cve 32
threatpost 3
archlinux 2
thn 1
fireeye 1
nessus
nessus
FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)
2015-08-13 00:00:00
openSUSE Security Update : flash-player (openSUSE-2015-546)
2015-08-17 00:00:00
SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1373-1)
2015-08-13 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-08-15 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201508-01
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2015-0311)
2015-10-15 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2015:1374-1)
2015-10-16 00:00:00
suse
suse
Security update for flash-player (critical)
2015-08-12 16:09:33
Security update for flash-player (critical)
2015-08-12 16:09:53
Security update for flash-player (critical)
2015-08-14 19:09:22
mageia
mageia
Updated flash-player-plugin package fixes security vulnerabilities
2015-08-11 23:22:53
Updated flash-player-plugin package fixes security vulnerabilities
2015-07-17 00:20:30
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt52
2015-08-12 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt52
2015-08-12 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt50
2015-07-15 00:00:00
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-08-11 00:00:00
Adobe Flash Player -- critical vulnerabilities
2015-07-10 00:00:00
redhat
redhat
(RHSA-2015:1603) Critical: flash-plugin security update
2015-08-12 00:00:00
(RHSA-2015:1235) Critical: flash-plugin security update
2015-07-16 00:00:00
prion
prion
Design/Logic Flaw
2015-08-14 01:59:00
Design/Logic Flaw
2015-08-14 01:59:00
Design/Logic Flaw
2015-08-14 01:59:00
ubuntucve
ubuntucve
CVE-2015-5557
2015-08-14 00:00:00
CVE-2015-5134
2015-08-14 00:00:00
CVE-2015-5127
2015-08-14 00:00:00
cvelist
cvelist
CVE-2015-5127
2015-08-14 01:00:00
CVE-2015-5551
2015-08-14 01:00:00
CVE-2015-5564
2015-08-14 01:00:00
cve
cve
CVE-2015-5127
2015-08-14 01:59:00
CVE-2015-5130
2015-08-14 01:59:00
CVE-2015-5134
2015-08-14 01:59:00
threatpost
threatpost
Hacking Team Promises to Rebuild RCS
2015-07-13 12:43:38
New Campaign Targeting Japanese with Hacking Team Zero Day
2015-07-20 11:27:15
Adobe Patches Hacking Team Zero Days in Flash
2015-07-14 11:47:14
archlinux
archlinux
flashplugin: arbitrary code execution
2015-07-16 00:00:00
lib32-flashplugin: arbitrary code execution
2015-07-16 00:00:00
thn
thn
Second Flash Player Zero-day Exploit found in 'Hacking Team' Dump
2015-07-11 20:34:00
fireeye
fireeye
Cybercrime News Results In Cybercrime Blues
2015-12-09 12:00:00
JSON
Related for GENTOO_GLSA-201508-01.NASL
nessus28gentoo1openvas13suse8mageia2altlinux6freebsd2redhat2prion32ubuntucve33cvelist33cve32threatpost3archlinux2thn1fireeye1