Lucene search
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2015-1771-1.NASLHistoryOct 19, 2015 - 12:00 a.m.
SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1771-1)
2015-10-1900:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
flash-player was updated to fix one security issue.
This security issue was fixed :
- CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:1771-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(86442);
script_version("2.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");
script_cve_id("CVE-2015-7645");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
script_name(english:"SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1771-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"flash-player was updated to fix one security issue.
This security issue was fixed :
- CVE-2015-7645: Critical vulnerability affecting
11.2.202.535 used in Pawn Storm (APSA15-05)
(bsc#950474).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=950474");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7645/");
# https://www.suse.com/support/update/announcement/2015/suse-su-20151771-1.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4941a351");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Desktop 11-SP4 :
zypper in -t patch sledsp4-flash-player-12139=1
SUSE Linux Enterprise Desktop 11-SP3 :
zypper in -t patch sledsp3-flash-player-12139=1
To bring your system up-to-date, use 'zypper patch'.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player-gnome");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player-kde4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLED11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3/4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"flash-player-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"flash-player-gnome-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"flash-player-kde4-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"flash-player-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"flash-player-gnome-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"flash-player-kde4-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"flash-player-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"flash-player-gnome-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"flash-player-kde4-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"flash-player-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"flash-player-gnome-11.2.202.540-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"flash-player-kde4-11.2.202.540-0.23.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | flash-player | p-cpe:/a:novell:suse_linux:flash-player |
| novell | suse_linux | flash-player-gnome | p-cpe:/a:novell:suse_linux:flash-player-gnome |
| novell | suse_linux | flash-player-kde4 | p-cpe:/a:novell:suse_linux:flash-player-kde4 |
| novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
Related
threatpost
threatpost
Emergency Adobe Flash Player Security Update
2015-10-15 11:29:43
Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule
2015-10-16 12:12:28
Flash Exploit Found in Seven Exploit Kits
2016-12-06 13:58:56
symantec
symantec
Adobe Flash Player CVE-2015-7645 Remote Code Execution Vulnerability
2015-10-13 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
ubuntucve
ubuntucve
CVE-2015-7645
2015-10-15 00:00:00
suse
suse
Security update for flash-player (critical)
2015-10-16 17:10:45
Security update for flash-player (critical)
2015-10-16 17:10:26
Security update for flash-player (critical)
2015-10-16 16:10:56
nessus
nessus
openSUSE Security Update : flash-player (openSUSE-2015-665)
2015-10-19 00:00:00
SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1770-1)
2015-10-19 00:00:00
kaspersky
kaspersky
KLA10684 Flash Player update for Google Chrome
2015-10-22 00:00:00
KLA10680 Code execution vulnerability in Adobe Flash Player
2015-10-14 00:00:00
prion
prion
Code injection
2015-10-15 10:59:00
thn
thn
THN Weekly Roundup — Top 10 Hacking News Stories You Shouldn’t Miss
2015-10-18 21:18:00
Emergency Patch released for Latest Flash Zero-Day Vulnerability
2015-10-16 22:06:00
cve
cve
CVE-2015-7645
2015-10-15 10:59:00
attackerkb
attackerkb
CVE-2015-7645
2015-10-15 00:00:00
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2015:1770-1)
2015-10-17 00:00:00
Adobe Flash Player Unspecified Vulnerability (Oct 2015) - Linux
2015-10-16 00:00:00
Adobe Flash Player Unspecified Vulnerability (Oct 2015) - Windows
2015-10-16 00:00:00
myhack58
myhack58
mageia
mageia
Updated flash-player-plugin package fix security vulnerabilities
2015-10-17 11:53:25
freebsd
freebsd
flash -- remote code execution
2015-10-16 00:00:00
redhat
redhat
(RHSA-2015:1913) Critical: flash-plugin security update
2015-10-16 00:00:00
(RHSA-2015:2024) Critical: flash-plugin security update
2015-11-11 00:00:00
altlinux
altlinux
checkpoint_advisories
checkpoint_advisories
archlinux
archlinux
flashplugin: arbitrary code execution
2015-10-18 00:00:00
fireeye
fireeye
Cybercrime News Results In Cybercrime Blues
2015-12-09 12:00:00
Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
2017-08-22 10:00:00
Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
2017-08-22 14:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-11-17 00:00:00
Related for SUSE_SU-2015-1771-1.NASL