Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 Tenable Network Security, Inc.SUSE_11_FLASH-PLAYER-150206.NASL
HistoryFeb 09, 2015 - 12:00 a.m.

SuSE 11.3 Security Update : flash-player, flash-player-gnome, flash-player-kde4 (SAT Patch Number 10287)

2015-02-0900:00:00
This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.
www.tenable.com
14
JSON

flash-player was updated to version 11.2.202.442 to fix 18 security issues.

These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313 / CVE-2015-0315 / CVE-2015-0320 / CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314 / CVE-2015-0316 / CVE-2015-0318 / CVE-2015-0321 / CVE-2015-0329 / CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317 / CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323 / CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues.
(CVE-2015-0325 / CVE-2015-0326 / CVE-2015-0328)

More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81245);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/22");

  script_cve_id(
    "CVE-2015-0313",
    "CVE-2015-0314",
    "CVE-2015-0315",
    "CVE-2015-0316",
    "CVE-2015-0317",
    "CVE-2015-0318",
    "CVE-2015-0319",
    "CVE-2015-0320",
    "CVE-2015-0321",
    "CVE-2015-0322",
    "CVE-2015-0323",
    "CVE-2015-0324",
    "CVE-2015-0325",
    "CVE-2015-0326",
    "CVE-2015-0327",
    "CVE-2015-0328",
    "CVE-2015-0329",
    "CVE-2015-0330"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");

  script_name(english:"SuSE 11.3 Security Update : flash-player, flash-player-gnome, flash-player-kde4 (SAT Patch Number 10287)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 11 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"flash-player was updated to version 11.2.202.442 to fix 18 security
issues.

These security issues were fixed: - Use-after-free vulnerabilities
that could lead to code execution (CVE-2015-0313 / CVE-2015-0315 /
CVE-2015-0320 / CVE-2015-0322). - Memory corruption vulnerabilities
that could lead to code execution (CVE-2015-0314 / CVE-2015-0316 /
CVE-2015-0318 / CVE-2015-0321 / CVE-2015-0329 / CVE-2015-0330). - Type
confusion vulnerabilities that could lead to code execution
(CVE-2015-0317 / CVE-2015-0319). - Heap buffer overflow
vulnerabilities that could lead to code execution (CVE-2015-0323 /
CVE-2015-0327). - Buffer overflow vulnerability that could lead to
code execution (CVE-2015-0324). - NULL pointer dereference issues.
(CVE-2015-0325 / CVE-2015-0326 / CVE-2015-0328)

More information is available at
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=915918");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0313.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0314.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0315.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0316.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0317.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0318.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0319.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0320.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0321.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0322.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0323.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0324.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0325.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0326.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0327.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0328.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0329.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2015-0330.html");
  script_set_attribute(attribute:"solution", value:
"Apply SAT patch number 10287.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player PCRE Regex Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-kde4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-11.2.202.442-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-gnome-11.2.202.442-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-kde4-11.2.202.442-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-11.2.202.442-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.442-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.442-0.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player-gnome
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:flash-player-kde4
novellsuse_linux11cpe:/o:novell:suse_linux:11

References

Related

altlinux 1
suse 4
nessus 12
archlinux 1
openvas 7
mageia 1
redhat 1
prion 19
ubuntucve 19
cve 19
attackerkb 3
gentoo 1
checkpoint_advisories 19
threatpost 5
canvas 1
symantec 1
zdt 2
cisa_kev 1
zdi 1
hackerone 3
packetstorm 2
exploitpack 1
metasploit 2
googleprojectzero 6
exploitdb 3
thn 2
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt41
2015-02-06 00:00:00
suse
suse
Security update for flash-player (critical)
2015-02-07 10:05:06
update for flash-player (critical)
2015-02-07 14:04:53
Security update for flash-player, flash-player-gnome, flash-player-kde4 (critical)
2015-02-07 19:07:55
nessus
nessus
openSUSE Security Update : flash-player (openSUSE-2015-118)
2015-02-09 00:00:00
Flash Player For Mac <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
2015-02-02 00:00:00
MS KB3021953: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
2015-02-06 00:00:00
archlinux
archlinux
flashplugin: remote code execution
2015-02-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0054)
2022-01-28 00:00:00
Adobe Flash Player Unspecified Vulnerability - 01 (Feb 2015) - Windows
2015-02-03 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2015:0239-1)
2015-10-16 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-02-06 19:51:41
redhat
redhat
(RHSA-2015:0140) Critical: flash-plugin security update
2015-02-06 00:00:00
prion
prion
Memory corruption
2015-02-06 00:59:00
Memory corruption
2015-02-06 00:59:00
Memory corruption
2015-02-06 00:59:00
ubuntucve
ubuntucve
CVE-2015-0329
2015-02-06 00:00:00
CVE-2015-0318
2015-02-06 00:00:00
CVE-2015-0316
2015-02-06 00:00:00
cve
cve
CVE-2015-0329
2015-02-06 00:59:00
CVE-2015-0314
2015-02-06 00:59:00
CVE-2015-0321
2015-02-06 00:59:00
attackerkb
attackerkb
CVE-2015-0320
2015-02-06 00:00:00
CVE-2015-0313
2015-02-02 00:00:00
CVE-2015-0322
2015-02-06 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-02-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Heap Buffer Overflow (APSB15-04: CVE-2015-0327)
2015-02-24 00:00:00
Adobe Flash Player Null Pointer Dereference (APSB15-04: CVE-2015-0328)
2015-02-25 00:00:00
Adobe Flash Player Buffer Overflow (APSB15-04: CVE-2015-0324)
2015-02-24 00:00:00
threatpost
threatpost
Adobe Begins Patching Third Flash Player Zero Day
2015-02-04 16:44:42
Another Flash Zero Day Emerges
2015-02-02 08:51:33
Angler Exploit Kit, Bedep Malware Inflating Video Views
2015-05-05 08:00:41
canvas
canvas
Immunity Canvas: ADOBE_FLASH_DOMAINMEMORY_UAF
2015-02-02 19:59:00
symantec
symantec
Adobe Flash Player CVE-2015-0313 Remote Code Execution Vulnerability
2015-02-02 00:00:00
zdt
zdt
Adobe Flash Player ByteArray With Workers Use After Free Exploit
2015-04-02 00:00:00
Adobe Flash Player PCRE Regex Logic Error Exploit
2015-03-20 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player Use-After-Free Vulnerability
2022-04-13 00:00:00
zdi
zdi
Adobe Flash Player BitmapFilter Invalid Object Corruption Remote Code Execution Vulnerability
2015-02-10 00:00:00
hackerone
hackerone
Internet Bug Bounty: Use After Free in Flash MessageChannel.send can cause arbitrary code execution
2015-02-09 18:50:52
Internet Bug Bounty: Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
2015-02-09 18:44:09
Internet Bug Bounty: Adobe Flash Player Out-of-Bound Access Vulnerability
2015-02-07 14:50:18
packetstorm
packetstorm
Adobe Flash Player ByteArray With Workers Use After Free
2015-03-30 00:00:00
Adobe Flash Player PCRE Regex Logic Error
2015-03-18 00:00:00
exploitpack
exploitpack
Adobe Flash Player - Arbitrary Code Execution
2015-03-25 00:00:00
metasploit
metasploit
Adobe Flash Player ByteArray With Workers Use After Free
2015-03-27 23:51:13
Adobe Flash Player PCRE Regex Vulnerability
2015-03-11 14:58:41
googleprojectzero
googleprojectzero
Taming the wild copy: Parallel Thread Corruption
2015-03-19 00:00:00
Feedback and data-driven updates to Google’s disclosure policy
2015-02-13 00:00:00
A Token’s Tale
2015-02-09 00:00:00
exploitdb
exploitdb
Adobe Flash Player - ByteArray With Workers Use-After-Free (Metasploit)
2015-03-31 00:00:00
Adobe Flash Player - Arbitrary Code Execution
2015-03-25 00:00:00
Adobe Flash Player - PCRE Regex (Metasploit)
2015-03-17 00:00:00
thn
thn
Another Unpatched Adobe Flash Zero-Day vulnerability Exploited in the Wild
2015-02-02 06:29:00
Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
2023-02-27 15:33:00
JSON
Related for SUSE_11_FLASH-PLAYER-150206.NASL
altlinux1suse4nessus12archlinux1openvas7mageia1redhat1prion19ubuntucve19cve19attackerkb3gentoo1checkpoint_advisories19threatpost5canvas1symantec1zdt2cisa_kev1zdi1hackerone3packetstorm2exploitpack1metasploit2googleprojectzero6exploitdb3thn2