Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.SUSE_11_FLASH-PLAYER-141214.NASL
HistoryDec 16, 2014 - 12:00 a.m.

SuSE 11.3 Security Update : flash-player (SAT Patch Number 10090)

2014-12-1600:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
9

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.764 High

EPSS

Percentile

98.2%

JSON

This flash-player security update fixes the following issues :

  • Security update to 11.2.202.425 (bnc#909219) :

  • APSB14-27, (CVE-2014-0580 / CVE-2014-0587 / CVE-2014-8443 / CVE-2014-9162 / CVE-2014-9163 / CVE-2014-9164)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80054);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/22");

  script_cve_id(
    "CVE-2014-0580",
    "CVE-2014-0587",
    "CVE-2014-8443",
    "CVE-2014-9162",
    "CVE-2014-9163",
    "CVE-2014-9164"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");

  script_name(english:"SuSE 11.3 Security Update : flash-player (SAT Patch Number 10090)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 11 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This flash-player security update fixes the following issues :

  - Security update to 11.2.202.425 (bnc#909219) :

  - APSB14-27, (CVE-2014-0580 / CVE-2014-0587 /
    CVE-2014-8443 / CVE-2014-9162 / CVE-2014-9163 /
    CVE-2014-9164)");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=909219");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0580.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0587.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-8443.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-9162.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-9163.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-9164.html");
  script_set_attribute(attribute:"solution", value:
"Apply SAT patch number 10090.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-kde4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-11.2.202.425-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-gnome-11.2.202.425-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-kde4-11.2.202.425-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-11.2.202.425-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.425-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.425-0.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player-gnome
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player-kde4
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

nessus 10
suse 3
mageia 1
openvas 8
archlinux 1
redhat 1
gentoo 1
cve 6
prion 6
nvd 6
cvelist 6
ubuntucve 6
cisa_kev 1
checkpoint_advisories 4
zdt 2
symantec 1
attackerkb 1
zdi 2
threatpost 2
nessus
nessus
Flash Player For Mac <= 15.0.0.239 Multiple Vulnerabilities (APSB14-27)
2014-12-09 00:00:00
Google Chrome < 39.0.2171.95 Multiple Vulnerabilities
2014-12-09 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2014:1629-1)
2014-12-15 00:00:00
suse
suse
Security update for flash-player (important)
2014-12-16 01:04:46
Security update for flash-player (critical)
2014-12-12 00:05:07
Security update for flash-player (important)
2014-12-12 14:04:42
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-12-09 23:12:41
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (APSB14-27)- 01 (Dec 2014) - Linux
2014-12-15 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2014:1650-1)
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2014-0521)
2022-01-28 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2014-12-12 00:00:00
redhat
redhat
(RHSA-2014:1981) Critical: flash-plugin security update
2014-12-10 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-12-11 00:00:00
cve
cve
CVE-2014-9164
2014-12-10 21:59:36
CVE-2014-0587
2014-12-10 21:59:01
CVE-2014-9163
2014-12-10 21:59:35
prion
prion
Memory corruption
2014-12-10 21:59:00
Memory corruption
2014-12-10 21:59:00
Information disclosure
2014-12-10 21:59:00
nvd
nvd
CVE-2014-9164
2014-12-10 21:59:36
CVE-2014-0587
2014-12-10 21:59:01
CVE-2014-9163
2014-12-10 21:59:35
cvelist
cvelist
CVE-2014-9164
2014-12-10 21:00:00
CVE-2014-0587
2014-12-10 21:00:00
CVE-2014-9162
2014-12-10 21:00:00
ubuntucve
ubuntucve
CVE-2014-9164
2014-12-10 00:00:00
CVE-2014-0587
2014-12-10 00:00:00
CVE-2014-9163
2014-12-10 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
2022-04-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Stack Buffer Overflow (CVE-2014-9163)
2014-12-14 00:00:00
Adobe Flash Player Information Disclosure (APSB14-27: CVE-2014-9162)
2014-12-25 00:00:00
Adobe Flash Player Use After Free Code Execution (APSB14-27: CVE-2014-8443)
2015-01-11 00:00:00
zdt
zdt
Adobe Flash Player parseFloat Stack Buffer Overflow Remote Code Execution Vulnerability
2014-12-10 00:00:00
Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability
2014-12-10 00:00:00
symantec
symantec
Adobe Flash Player CVE-2014-9163 Stack Based Buffer Overflow Vulnerability
2014-12-09 00:00:00
attackerkb
attackerkb
CVE-2014-9163
2014-12-10 00:00:00
zdi
zdi
Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability
2014-12-09 00:00:00
Adobe Flash Player parseFloat Stack Buffer Overflow Remote Code Execution Vulnerability
2014-12-09 00:00:00
threatpost
threatpost
Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days
2015-02-11 16:07:36
December 2014 Adobe Flash, Reader, Acrobat, ColdFusion Patch
2014-12-09 12:17:22

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.764 High

EPSS

Percentile

98.2%

JSON
Related for SUSE_11_FLASH-PLAYER-141214.NASL
nessus10suse3mageia1openvas8archlinux1redhat1gentoo1cve6prion6nvd6cvelist6ubuntucve6cisa_kev1checkpoint_advisories4zdt2symantec1attackerkb1zdi2threatpost2