Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2015-0491-1.NASLHistoryMay 20, 2015 - 12:00 a.m.
SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:0491-1)
2015-05-2000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
Adobe Flash Player was updated to 11.2.202.451 (bsc#922033).
These security issues were fixed :
-
Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
-
Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336).
-
A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337).
-
A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340).
-
An integer overflow vulnerability that could lead to code execution (CVE-2015-0338).
-
Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:0491-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(83698);
script_version("2.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2015-0332", "CVE-2015-0333", "CVE-2015-0334", "CVE-2015-0335", "CVE-2015-0336", "CVE-2015-0337", "CVE-2015-0338", "CVE-2015-0339", "CVE-2015-0340", "CVE-2015-0341", "CVE-2015-0342");
script_bugtraq_id(73080, 73081, 73082, 73083, 73084, 73085, 73086, 73087, 73088, 73089, 73091);
script_name(english:"SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:0491-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Adobe Flash Player was updated to 11.2.202.451 (bsc#922033).
These security issues were fixed :
- Memory corruption vulnerabilities that could lead to
code execution (CVE-2015-0332, CVE-2015-0333,
CVE-2015-0335, CVE-2015-0339).
- Type confusion vulnerabilities that could lead to code
execution (CVE-2015-0334, CVE-2015-0336).
- A vulnerability that could lead to a cross-domain policy
bypass (CVE-2015-0337).
- A vulnerability that could lead to a file upload
restriction bypass (CVE-2015-0340).
- An integer overflow vulnerability that could lead to
code execution (CVE-2015-0338).
- Use-after-free vulnerabilities that could lead to code
execution (CVE-2015-0341, CVE-2015-0342).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=922033"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0332/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0333/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0334/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0335/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0336/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0337/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0338/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0339/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0340/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0341/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-0342/"
);
# https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?d279b269"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Workstation Extension 12 :
zypper in -t patch SUSE-SLE-WE-12-2015-120=1
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-120=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player NetConnection Type Confusion');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player-gnome");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"flash-player-11.2.202.451-72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"flash-player-gnome-11.2.202.451-72.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | flash-player | p-cpe:/a:novell:suse_linux:flash-player |
| novell | suse_linux | flash-player-gnome | p-cpe:/a:novell:suse_linux:flash-player-gnome |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0333
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0334
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0337
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0342
www.nessus.org/u?d279b269
bugzilla.suse.com/show_bug.cgi?id=922033
www.suse.com/security/cve/CVE-2015-0332/
www.suse.com/security/cve/CVE-2015-0333/
www.suse.com/security/cve/CVE-2015-0334/
www.suse.com/security/cve/CVE-2015-0335/
www.suse.com/security/cve/CVE-2015-0336/
www.suse.com/security/cve/CVE-2015-0337/
www.suse.com/security/cve/CVE-2015-0338/
www.suse.com/security/cve/CVE-2015-0339/
www.suse.com/security/cve/CVE-2015-0340/
www.suse.com/security/cve/CVE-2015-0341/
www.suse.com/security/cve/CVE-2015-0342/
Related
nessus
nessus
Flash Player < 17.0 Multiple Vulnerabilities (APSB15-05)
2015-03-27 00:00:00
SuSE 11.3 Security Update : flash-player (SAT Patch Number 10458)
2015-03-17 00:00:00
Adobe AIR <= 17.0.0.124 Multiple Vulnerabilities (APSB15-05)
2015-06-12 00:00:00
altlinux
altlinux
redhat
redhat
(RHSA-2015:0697) Critical: flash-plugin security update
2015-03-17 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0109)
2022-01-28 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (Mar 2015) - Linux
2015-03-17 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (Mar 2015) - Windows
2015-03-20 00:00:00
mageia
mageia
Updated flash-player-plugin package fixes security vulnerabilities
2015-03-14 21:44:24
archlinux
archlinux
flashplugin: multiple issues
2015-03-16 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-03-16 00:00:00
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-03-12 00:00:00
suse
suse
Security update for flash-player (critical)
2015-03-13 12:05:10
Security update for flash-player (critical)
2015-03-13 18:04:51
flashplayer to version 11.2.202.451 (important)
2015-03-14 11:04:48
thn
thn
Adobe Flash Player Update Patches 11 Critical Vulnerabilities
2015-03-12 21:28:00
cve
cve
ubuntucve
ubuntucve
prion
prion
Memory corruption
2015-03-13 17:59:00
Memory corruption
2015-03-13 17:59:00
Memory corruption
2015-03-13 17:59:00
kaspersky
kaspersky
KLA10462 Multiple vulnerabilities in Adobe Flash Player
2015-03-12 00:00:00
googleprojectzero
googleprojectzero
A Tale of Two Exploits
2015-04-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0337)
2015-03-23 00:00:00
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0332)
2015-03-23 00:00:00
symantec
symantec
hackerone
hackerone
zdt
zdt
Adobe Flash Player NetConnection Type Confusion Exploit
2015-05-08 00:00:00
zdi
zdi
packetstorm
packetstorm
Adobe Flash Player NetConnection Type Confusion
2015-05-07 00:00:00
metasploit
metasploit
Adobe Flash Player NetConnection Type Confusion
2015-05-27 22:05:10
exploitdb
exploitdb
Adobe Flash Player - NetConnection Type Confusion (Metasploit)
2015-05-08 00:00:00
threatpost
threatpost
Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
2018-11-20 20:49:30
Chrome Browser Bug Under Active Attack
2021-06-10 20:07:53
Related for SUSE_SU-2015-0491-1.NASL