Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-201606-08.NASL
HistoryJun 20, 2016 - 12:00 a.m.

GLSA-201606-08 : Adobe Flash Player: Multiple vulnerabilities

2016-06-2000:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
JSON

The remote host is affected by the vulnerability described in GLSA-201606-08 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
  Please review the CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201606-08.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91702);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/28");

  script_cve_id(
    "CVE-2016-1019",
    "CVE-2016-4117",
    "CVE-2016-4120",
    "CVE-2016-4121",
    "CVE-2016-4160",
    "CVE-2016-4161",
    "CVE-2016-4162",
    "CVE-2016-4163",
    "CVE-2016-4171"
  );
  script_xref(name:"GLSA", value:"201606-08");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");

  script_name(english:"GLSA-201606-08 : Adobe Flash Player: Multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201606-08
(Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could possibly execute arbitrary code with the
      privileges of the process, cause a Denial of Service condition, obtain
      sensitive information, or bypass security restrictions.
  
Workaround :

    There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201606-08");
  script_set_attribute(attribute:"solution", value:
"All Adobe Flash Player users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose 'www-plugins/adobe-flash-11.2.202.626'");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 11.2.202.626"), vulnerable:make_list("lt 11.2.202.626"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
}
VendorProductVersionCPE
gentoolinuxadobe-flashp-cpe:/a:gentoo:linux:adobe-flash
gentoolinuxcpe:/o:gentoo:linux

Related

gentoo 1
threatpost 16
securelist 3
thn 4
checkpoint_advisories 4
prion 10
ubuntucve 10
redhatcve 8
cve 10
nessus 31
fireeye 8
openvas 32
hackerone 1
suse 11
zdt 1
metasploit 1
packetstorm 1
mmpc 2
cisa_kev 3
cert 1
attackerkb 4
redhat 3
freebsd 3
exploitdb 1
malwarebytes 1
mssecure 1
mscve 3
qualysblog 1
archlinux 5
altlinux 6
mageia 3
kaspersky 1
myhack58 1
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2016-06-18 00:00:00
threatpost
threatpost
Adobe Patches Flash Zero Day Under Attack by APT Group
2016-06-17 06:00:38
UCL Ransomware Linked to AdGholas Malvertising Group
2017-06-20 14:27:43
Flash Exploit Found in Seven Exploit Kits
2016-12-06 13:58:56
securelist
securelist
APT Trends Report Q2 2018
2018-07-10 10:00:22
BlackOasis APT and new targeted attacks leveraging zero-day exploit
2017-10-16 14:28:47
APT Trends report Q2 2017
2017-08-08 14:00:40
thn
thn
Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit
2016-12-06 21:08:00
US Warns of 'DeltaCharlie' – A North Korean DDoS Botnet Malware
2017-06-14 01:23:00
Adobe to issue Emergency Patch for Critical Flash Player Vulnerability
2016-04-05 23:26:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free Code Execution (APSB16-15: CVE-2016-4121)
2016-06-13 00:00:00
Adobe Flash Out of Bounds Access Code Corruption (CVE-2016-4117)
2016-05-13 00:00:00
Adobe Flash Player Memory Corruption (APSA16-03: CVE-2016-4171)
2016-06-15 00:00:00
prion
prion
Memory corruption
2016-06-16 14:59:00
Memory corruption
2016-06-16 14:59:00
Memory corruption
2016-06-16 14:59:00
ubuntucve
ubuntucve
CVE-2016-4163
2016-06-16 00:00:00
CVE-2016-4162
2016-06-16 00:00:00
CVE-2016-4160
2016-06-16 00:00:00
redhatcve
redhatcve
CVE-2016-4163
2016-06-06 07:48:35
CVE-2016-4161
2016-06-06 07:48:26
CVE-2016-4120
2016-05-20 07:48:22
cve
cve
CVE-2016-4161
2016-06-16 14:59:00
CVE-2016-4162
2016-06-16 14:59:00
CVE-2016-4163
2016-06-16 14:59:00
nessus
nessus
openSUSE Security Update : flash-player (openSUSE-2016-587)
2016-05-18 00:00:00
openSUSE Security Update : flash-player (openSUSE-2016-440)
2016-04-13 00:00:00
openSUSE Security Update : flash-player (openSUSE-2016-433)
2016-04-13 00:00:00
fireeye
fireeye
CVE-2016-4117: Flash Zero-Day Exploited in the Wild
2016-05-13 20:00:00
CVE-2016-4117: Flash Zero-Day Exploited in the Wild
2016-05-14 00:00:00
CVE-2016-4117: Flash Zero-Day Exploited in the Wild
2016-05-13 20:00:00
openvas
openvas
Adobe Flash Player Security Update (apsa16-02) - Linux
2016-05-12 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2016:0990-1)
2016-04-09 00:00:00
Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3157993)
2017-03-18 00:00:00
hackerone
hackerone
Internet Bug Bounty: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability
2016-05-19 21:56:20
suse
suse
Security update for flash-player (important)
2016-05-17 14:08:54
Security update for flash-player (important)
2016-05-17 14:09:11
Security update for flash-player (important)
2016-04-26 17:08:38
zdt
zdt
Adobe Flash Player DeleteRangeTimelineOperation Type Confusion Exploit
2019-02-09 00:00:00
metasploit
metasploit
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
2018-12-21 08:54:35
packetstorm
packetstorm
Adobe Flash Player DeleteRangeTimelineOperation Type Confusion
2019-02-09 00:00:00
mmpc
mmpc
Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series
2017-01-23 22:37:34
Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe
2016-12-14 18:55:25
cisa_kev
cisa_kev
Adobe Flash Player Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
Adobe Flash Player Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
Adobe Flash Player Remote Code Execution Vulnerability
2022-03-25 00:00:00
cert
cert
Adobe Flash memory corruption vulnerability
2016-06-15 00:00:00
attackerkb
attackerkb
CVE-2016-4171
2016-06-16 00:00:00
CVE-2016-4117
2016-05-11 00:00:00
CVE-2016-1019
2016-04-07 00:00:00
redhat
redhat
(RHSA-2016:1079) Critical: flash-plugin security update
2016-05-13 00:00:00
(RHSA-2016:0610) Critical: flash-plugin security update
2016-04-08 00:00:00
(RHSA-2016:1238) Critical: flash-plugin security update
2016-06-17 00:00:00
freebsd
freebsd
flash -- multiple vulnerabilities
2016-05-12 00:00:00
flash -- multiple vulnerabilities
2016-04-07 00:00:00
flash -- multiple vulnerabilities
2016-06-16 00:00:00
exploitdb
exploitdb
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
2019-02-11 00:00:00
malwarebytes
malwarebytes
CISA list of 95 new known exploited vulnerabilities raises questions
2022-03-14 11:18:33
mssecure
mssecure
Office 365 Advanced Threat Protection defense for corporate networks against recent Office exploit attacks
2017-11-21 13:46:01
mscve
mscve
April 2016 Adobe Flash Security Update
2016-04-12 07:00:00
June 2016 Adobe Flash Security Update
2016-06-14 07:00:00
March 2016 Adobe Flash Security Update
2016-05-10 07:00:00
qualysblog
qualysblog
The Rise of Ransomware
2021-10-05 12:50:00
archlinux
archlinux
lib32-flashplugin: arbitrary code execution
2016-05-12 00:00:00
flashplugin: arbitrary code execution
2016-05-12 00:00:00
flashplugin: multiple issues
2016-04-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt62
2016-05-13 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt62
2016-05-13 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt61
2016-04-08 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerability
2016-05-12 23:00:19
Updated flash-player-plugin packages fix security vulnerabilities
2016-04-08 09:17:28
Updated flash-player-plugin packages fix security vulnerabilities
2016-06-17 08:58:14
kaspersky
kaspersky
KLA10830 Multiple vulnerabilities in Adobe Flash Player
2016-06-16 00:00:00
myhack58
myhack58
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00
JSON
Related for GENTOO_GLSA-201606-08.NASL
gentoo1threatpost16securelist3thn4checkpoint_advisories4prion10ubuntucve10redhatcve8cve10nessus31fireeye8openvas32hackerone1suse11zdt1metasploit1packetstorm1mmpc2cisa_kev3cert1attackerkb4redhat3freebsd3exploitdb1malwarebytes1mssecure1mscve3qualysblog1archlinux5altlinux6mageia3kaspersky1myhack581