Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-201610-10.NASL
HistoryOct 31, 2016 - 12:00 a.m.

GLSA-201610-10 : Adobe Flash Player: Multiple vulnerabilities

2016-10-3100:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The remote host is affected by the vulnerability described in GLSA-201610-10 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
  Please review the CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201610-10.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94421);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");

  script_cve_id(
    "CVE-2016-4182",
    "CVE-2016-4271",
    "CVE-2016-4272",
    "CVE-2016-4273",
    "CVE-2016-4274",
    "CVE-2016-4275",
    "CVE-2016-4276",
    "CVE-2016-4277",
    "CVE-2016-4278",
    "CVE-2016-4279",
    "CVE-2016-4280",
    "CVE-2016-4281",
    "CVE-2016-4282",
    "CVE-2016-4283",
    "CVE-2016-4284",
    "CVE-2016-4285",
    "CVE-2016-4286",
    "CVE-2016-4287",
    "CVE-2016-6921",
    "CVE-2016-6922",
    "CVE-2016-6923",
    "CVE-2016-6924",
    "CVE-2016-6925",
    "CVE-2016-6926",
    "CVE-2016-6927",
    "CVE-2016-6929",
    "CVE-2016-6930",
    "CVE-2016-6931",
    "CVE-2016-6932",
    "CVE-2016-6981",
    "CVE-2016-6982",
    "CVE-2016-6983",
    "CVE-2016-6984",
    "CVE-2016-6985",
    "CVE-2016-6986",
    "CVE-2016-6987",
    "CVE-2016-6989",
    "CVE-2016-6990",
    "CVE-2016-6992",
    "CVE-2016-7855"
  );
  script_xref(name:"GLSA", value:"201610-10");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"GLSA-201610-10 : Adobe Flash Player: Multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201610-10
(Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could possibly execute arbitrary code with the
      privileges of the process, cause a Denial of Service condition, obtain
      sensitive information, or bypass security restrictions.
  
Workaround :

    There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201610-10");
  script_set_attribute(attribute:"solution", value:
"All Adobe Flash Player 23.x users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-plugins/adobe-flash-23.0.0.205'
    All Adobe Flash Player 11.x users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-plugins/adobe-flash-11.2.202.635'");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 23.0.0.205", "rge 11.2.202.635", "rge 11.2.202.643", "rge 11.2.202.644"), vulnerable:make_list("lt 23.0.0.205"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
}
VendorProductVersionCPE
gentoolinuxadobe-flashp-cpe:/a:gentoo:linux:adobe-flash
gentoolinuxcpe:/o:gentoo:linux

References

Related

gentoo 1
altlinux 4
archlinux 2
openvas 16
nessus 15
redhat 2
mageia 2
mscve 2
kaspersky 2
suse 4
redhatcve 34
freebsd 1
prion 29
cvelist 28
ubuntucve 28
cve 29
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2016-10-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt65
2016-09-22 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt65
2016-09-20 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt66
2016-10-12 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2016-09-15 00:00:00
lib32-flashplugin: multiple issues
2016-09-15 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0315)
2022-01-28 00:00:00
Adobe Flash Player Security Update (APSB16-29) - Linux
2016-09-14 00:00:00
Adobe Flash Player Security Update (APSB16-29) - Windows
2016-09-14 00:00:00
nessus
nessus
Adobe Flash Player for Mac <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)
2016-09-13 00:00:00
Adobe Flash Player <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)
2016-09-13 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2016:1865)
2016-09-15 00:00:00
redhat
redhat
(RHSA-2016:1865) Critical: flash-plugin security update
2016-09-14 00:00:00
(RHSA-2016:2057) Critical: flash-plugin security update
2016-10-12 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerability
2016-09-21 23:38:22
Updated flash-player-plugin package fixes security vulnerabilities
2016-10-18 21:46:12
mscve
mscve
September 2016 Adobe Flash Security Update
2016-09-13 07:00:00
November 2016 Adobe Flash Security Update
2016-10-11 07:00:00
kaspersky
kaspersky
KLA10868 Multiple vulnerabilities in Adobe Flash Player
2016-09-13 00:00:00
KLA10879 Multiple vulnerabilities in Adobe Flash Player
2016-10-11 00:00:00
suse
suse
Recommended update for flash-player (important)
2016-09-14 21:08:55
Recommended update for flash-player (important)
2016-09-25 12:10:38
Security update for flash-player (important)
2016-09-15 14:11:35
redhatcve
redhatcve
CVE-2016-6982
2016-10-12 08:18:32
CVE-2016-6986
2016-10-12 08:18:53
CVE-2016-6984
2016-10-12 08:18:41
freebsd
freebsd
flash -- multiple vulnerabilities
2016-10-11 00:00:00
prion
prion
Design/Logic Flaw
2016-09-14 18:59:00
Design/Logic Flaw
2016-09-14 18:59:00
Design/Logic Flaw
2016-09-14 18:59:00
cvelist
cvelist
CVE-2016-6921
2016-09-14 18:00:00
CVE-2016-6929
2016-09-14 18:00:00
CVE-2016-6926
2016-09-14 18:00:00
ubuntucve
ubuntucve
CVE-2016-6932
2016-09-14 00:00:00
CVE-2016-6925
2016-09-14 00:00:00
CVE-2016-4272
2016-09-14 00:00:00
cve
cve
CVE-2016-4272
2016-09-14 18:59:00
CVE-2016-6926
2016-09-14 18:59:00
CVE-2016-6929
2016-09-14 18:59:00
JSON
Related for GENTOO_GLSA-201610-10.NASL
gentoo1altlinux4archlinux2openvas16nessus15redhat2mageia2mscve2kaspersky2suse4redhatcve34freebsd1prion29cvelist28ubuntucve28cve29