Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 Tenable Network Security, Inc.SUSE_11_FLASH-PLAYER-110921.NASL
HistoryDec 13, 2011 - 12:00 a.m.

SuSE 11.1 Security Update : flash-player (SAT Patch Number 5184)

2011-12-1300:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
9

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.102 Low

EPSS

Percentile

95.0%

JSON

This update resolves

  • a universal cross-site scripting issue that could be used to take actions on a user’s behalf on any website or webmail provider if the user visits a malicious website. (CVE-2011-2444)

    Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

  • an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426)

  • an AVM stack overflow issue that may lead to denial of service and code execution. (CVE-2011-2427).

  • a logic error issue which causes a browser crash and may lead to code execution. (CVE-2011- 2428).

  • a Flash Player security control bypass which could allow information disclosure. (CVE-2011-2429).

  • a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(57101);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2011-2426", "CVE-2011-2427", "CVE-2011-2428", "CVE-2011-2429", "CVE-2011-2430", "CVE-2011-2444");

  script_name(english:"SuSE 11.1 Security Update : flash-player (SAT Patch Number 5184)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update resolves

  - a universal cross-site scripting issue that could be
    used to take actions on a user's behalf on any website
    or webmail provider if the user visits a malicious
    website. (CVE-2011-2444)

    Note: There are reports that this issue is being
    exploited in the wild in active targeted attacks
    designed to trick the user into clicking on a malicious
    link delivered in an email message.

  - an AVM stack overflow issue that may allow for remote
    code execution. (CVE-2011-2426)

  - an AVM stack overflow issue that may lead to denial of
    service and code execution. (CVE-2011-2427).

  - a logic error issue which causes a browser crash and may
    lead to code execution. (CVE-2011- 2428).

  - a Flash Player security control bypass which could allow
    information disclosure. (CVE-2011-2429).

  - a streaming media logic error vulnerability which could
    lead to code execution. (CVE-2011-2430)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=719400"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2426.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2427.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2428.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2429.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2430.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2444.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5184.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");


flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"flash-player-10.3.183.10-0.2.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

freebsd 1
nessus 12
redhat 2
suse 1
openvas 10
nvd 6
checkpoint_advisories 4
seebug 5
cve 6
prion 6
ubuntucve 6
cvelist 6
threatpost 1
gentoo 1
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-06-06 00:00:00
nessus
nessus
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7763)
2011-12-13 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2011:1333)
2011-09-23 00:00:00
FreeBSD : linux-flashplugin -- multiple vulnerabilities (53e531a7-e559-11e0-b481-001b2134ef46)
2011-09-23 00:00:00
redhat
redhat
(RHSA-2011:1333) Critical: flash-plugin security update
2011-09-22 00:00:00
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
suse
suse
Security update for flash-player (important)
2011-09-23 16:08:20
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (Sep 2011) - Linux
2011-09-30 00:00:00
Adobe Flash Player Multiple Vulnerabilities September-2011 (Windows)
2011-09-30 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Sep 2011) - Windows
2011-09-30 00:00:00
nvd
nvd
CVE-2011-2428
2011-09-22 03:38:38
CVE-2011-2429
2011-09-22 03:38:38
CVE-2011-2427
2011-09-22 03:38:38
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player URI Protocol Cross Site Scripting (ASBP11-26; CVE-2011-2429)
2011-10-04 00:00:00
Adobe Flash Player ActionScript PCRE Memory Corruption (APSB11-26; CVE-2011-2427)
2011-10-11 00:00:00
Adobe Flash Player loadClip Cross Site Scripting (APSB11-26; CVE-2011-2444)
2011-10-04 00:00:00
seebug
seebug
Adobe Flash Player安全限制绕过信息泄露漏洞
2011-09-23 00:00:00
Adobe Flash Player逻辑错误远程代码执行漏洞
2011-09-23 00:00:00
Adobe Flash Player流媒体逻辑错误远程代码执行漏洞
2011-09-23 00:00:00
cve
cve
CVE-2011-2428
2011-09-22 03:38:38
CVE-2011-2429
2011-09-22 03:38:38
CVE-2011-2430
2011-09-22 03:38:38
prion
prion
Design/Logic Flaw
2011-09-22 03:38:00
Security feature bypass
2011-09-22 03:38:00
Stack overflow
2011-09-22 03:38:00
ubuntucve
ubuntucve
CVE-2011-2428
2011-09-22 00:00:00
CVE-2011-2429
2011-09-22 00:00:00
CVE-2011-2430
2011-09-22 00:00:00
cvelist
cvelist
CVE-2011-2428
2011-09-22 01:00:00
CVE-2011-2429
2011-09-22 01:00:00
CVE-2011-2427
2011-09-22 01:00:00
threatpost
threatpost
Adobe Pushes Out Flash Player Patch
2011-09-21 15:57:23
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.102 Low

EPSS

Percentile

95.0%

JSON
Related for SUSE_11_FLASH-PLAYER-110921.NASL
freebsd1nessus12redhat2suse1openvas10nvd6checkpoint_advisories4seebug5cve6prion6ubuntucve6cvelist6threatpost1gentoo1