Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
2011-09-07T00:00:00
ID OPENVAS:1361412562310802144 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2019-03-19T00:00:00
Description
This host is missing an important security update according to
Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_macosx_su10-007.nasl 14307 2019-03-19 10:09:27Z cfischer $
#
# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.802144");
script_version("$Revision: 14307 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $");
script_tag(name:"creation_date", value:"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)");
script_cve_id("CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2009-0796",
"CVE-2010-0408", "CVE-2010-0434", "CVE-2010-1842", "CVE-2010-1831",
"CVE-2010-1832", "CVE-2010-1833", "CVE-2010-4010", "CVE-2010-1752",
"CVE-2010-1834", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-2941",
"CVE-2010-1838", "CVE-2010-1840", "CVE-2010-0105", "CVE-2010-1841",
"CVE-2008-4546", "CVE-2009-3793", "CVE-2010-0209", "CVE-2010-1297",
"CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163",
"CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167",
"CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172",
"CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176",
"CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180",
"CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184",
"CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2189",
"CVE-2010-2188", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215",
"CVE-2010-2216", "CVE-2010-2884", "CVE-2010-3636", "CVE-2010-3638",
"CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642",
"CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646",
"CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650",
"CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3976", "CVE-2010-0001",
"CVE-2009-2624", "CVE-2010-1844", "CVE-2010-1845", "CVE-2010-1811",
"CVE-2010-1846", "CVE-2010-1847", "CVE-2010-1848", "CVE-2010-1849",
"CVE-2010-1850", "CVE-2009-2473", "CVE-2009-2474", "CVE-2010-1843",
"CVE-2010-0211", "CVE-2010-0212", "CVE-2010-1378", "CVE-2010-3783",
"CVE-2010-0397", "CVE-2010-2531", "CVE-2010-2484", "CVE-2010-3784",
"CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-3785",
"CVE-2010-3786", "CVE-2010-3787", "CVE-2010-3788", "CVE-2010-3789",
"CVE-2010-3790", "CVE-2010-3791", "CVE-2010-3792", "CVE-2010-3793",
"CVE-2010-3794", "CVE-2010-3795", "CVE-2010-3796", "CVE-2010-1803",
"CVE-2010-3797", "CVE-2010-0205", "CVE-2010-3798", "CVE-2009-0946",
"CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500",
"CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806",
"CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054",
"CVE-2011-1417", "CVE-2010-1205", "CVE-2010-2249", "CVE-2011-1290",
"CVE-2011-1344");
script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,
44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,
31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,
40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,
40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,
40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,
40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,
44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,
44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,
37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,
40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,
38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,
44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,
42285, 42624, 42621, 46832, 41174, 46849, 46822);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)");
script_xref(name:"URL", value:"http://support.apple.com/kb/HT4435");
script_xref(name:"URL", value:"http://www.securitytracker.com/id?1024723");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html");
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_category(ACT_GATHER_INFO);
script_family("Mac OS X Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_require_ports("Services/ssh", 22);
script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.[0-5]\.");
script_tag(name:"impact", value:"Successful exploitation could allow attackers to execute arbitrary code in
the context of the browser, obtain potentially sensitive information or cause
a denial-of-service condition.");
script_tag(name:"affected", value:"AFP Server
Apache mod_perl
Apache
AppKit
ATS
CFNetwork
CoreGraphics
CoreText
CUPS
Flash Player plug-in
gzip
Image Capture
ImageIO
Image RAW
MySQL
neon
OpenLDAP
OpenSSL
Password Server
PHP
python
Apple iWork
Apple Safari
Apple iTunes
QuickLook
QuickTime
Wiki Server
xar
X11
Time Machine
WebKit Open Source");
script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");
script_tag(name:"solution", value:"Run Mac Updates and update the Security Update 2010-007");
script_tag(name:"summary", value:"This host is missing an important security update according to
Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-macosx.inc");
include("version_func.inc");
osName = get_kb_item( "ssh/login/osx_name" );
if( ! osName ) exit( 0 );
osVer = get_kb_item( "ssh/login/osx_version" );
if( ! osVer ) exit( 0 );
if( "Mac OS X" >< osName && "Server" >!< osName ) {
if( version_is_less_equal( version:osVer, test_version:"10.5.8" ) ||
version_in_range( version:osVer, test_version:"10.6.0", test_version2:"10.6.4" ) ) {
if( isosxpkgvuln( fixed:"com.apple.pkg.update.security.", diff:"2010.007" ) ) {
report = report_fixed_ver( installed_version:osName + " " + osVer, fixed_version:"Install the missing security update 2010.007" );
security_message( port:0, data:report );
exit( 0 );
}
}
}
if( "Mac OS X Server" >< osName ) {
if( version_is_less_equal( version:osVer, test_version:"10.5.8" ) ||
version_in_range( version:osVer, test_version:"10.6", test_version2:"10.6.4" ) ) {
if( isosxpkgvuln( fixed:"com.apple.pkg.update.security.", diff:"2010.007" ) ) {
report = report_fixed_ver( installed_version:osName + " " + osVer, fixed_version:"Install the missing security update 2010.007" );
security_message( port:0, data:report );
exit( 0 );
}
}
}
{"id": "OPENVAS:1361412562310802144", "bulletinFamily": "scanner", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "published": "2011-09-07T00:00:00", "modified": "2019-03-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "type": "openvas", "lastseen": "2019-05-29T18:39:24", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "20802a96e594d51c97fba375b9301c77ec8234d0fc91fc3230192737f6527243", "hashmap": [{"hash": "1eec7b4fe6206990c2b25b5886e673d9", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "5b3e78bf2118fdcf240d0771f3c6039e", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "63fac699ee3b06e25ce618526a06cbf3", "key": "naslFamily"}, {"hash": "a7650535d6d3ccd45833e6a945f95987", "key": "published"}, {"hash": "c8f9c9b2aeaaa5f5b0aeb362602968fd", "key": "cvelist"}, {"hash": "31f341ae7e7b13e28fd8a14080e72634", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "51ec2f804663776b0e7b00831c0571f3", "key": "pluginID"}, {"hash": "761f098954210174b262fa1f9b6e99db", "key": "references"}, {"hash": "51a8fdba10bac4b1d02edc02246b8498", "key": "href"}, {"hash": "12220012a8f607b74ab8a12c37a02892", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "id": "OPENVAS:1361412562310802144", "lastseen": "2018-04-06T11:36:15", "modified": "2018-04-06T00:00:00", "naslFamily": "Mac OS X Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310802144", "published": "2011-09-07T00:00:00", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"AFP Server\n Apache mod_perl\n Apache\n AppKit\n ATS\n CFNetwork\n CoreGraphics\n CoreText\n CUPS\n Flash Player plug-in\n gzip\n Image Capture\n ImageIO\n Image RAW\n MySQL\n neon\n OpenLDAP\n OpenSSL\n Password Server\n PHP\n python\n Apple iWork\n Apple Safari\n Apple iTunes\n QuickLook\n QuickTime\n Wiki Server\n xar\n X11\n Time Machine\n WebKit Open Source\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2010-007\n For updates refer to http://support.apple.com/kb/HT4435\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4435\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1024723\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X\nif(\"Mac OS X\" >< osName && \"Server\" >!< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\"))\n {\n ## Check for the security update 2010.007\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Check for the Mac OS X Server\nif(\"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\"))\n {\n ## Check for the security update 2010.007\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2018-04-06T11:36:15"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-02T00:02:31", "references": [{"idList": ["RHSA-2010:0464", "RHSA-2010:0623", "RHSA-2010:0834", "RHSA-2010:0470", "RHSA-2010:0829", "RHSA-2010:0624", "RHSA-2010:0867"], "type": "redhat"}, {"idList": ["SUSE-SA:2010:024", "SUSE-SA:2010:055", "SUSE-SA:2010:034"], "type": "suse"}, {"idList": ["FREEBSD_PKG_144E524A77EB11DFAE06001B2134EF46.NASL", "MACOSX_SECUPD2010-007.NASL", "SUSE_11_0_FLASH-PLAYER-100611.NASL", "FLASH_PLAYER_APSB10-14.NASL", "SUSE_11_2_FLASH-PLAYER-100611.NASL", "SUSE_FLASH-PLAYER-7071.NASL", "ADOBE_AIR_APSB10-14.NASL", "MACOSX_10_6_5.NASL", "SUSE_11_FLASH-PLAYER-100611.NASL", "SUSE_11_1_FLASH-PLAYER-100611.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:11263", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:VULN:11619", "SECURITYVULNS:VULN:11059", "SECURITYVULNS:DOC:26202", "SECURITYVULNS:DOC:24039", "SECURITYVULNS:VULN:11239", "SECURITYVULNS:DOC:25089", "SECURITYVULNS:DOC:24466", "SECURITYVULNS:VULN:10921"], "type": "securityvulns"}, {"idList": ["GLSA-201101-09"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310850133", "OPENVAS:902200", "OPENVAS:902194", "OPENVAS:850133", "OPENVAS:1361412562310902200", "OPENVAS:802144", "OPENVAS:67656", "OPENVAS:136141256231067656", "OPENVAS:67863", "OPENVAS:1361412562310902194"], "type": "openvas"}, {"idList": ["76B597E4-E9C6-11DF-9E10-001B2134EF46", "E19E74A4-A712-11DF-B234-001B2134EF46", "144E524A-77EB-11DF-AE06-001B2134EF46"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "8f6631d8c1d5d6e7d9f306a56b49f3b969e64359924ea2301c908c11d592ed0f", "hashmap": [{"hash": "64d55ceea918461b894aeb06d42176e2", "key": "modified"}, {"hash": "5b3e78bf2118fdcf240d0771f3c6039e", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "63fac699ee3b06e25ce618526a06cbf3", "key": "naslFamily"}, {"hash": "a7650535d6d3ccd45833e6a945f95987", "key": "published"}, {"hash": "c8f9c9b2aeaaa5f5b0aeb362602968fd", "key": "cvelist"}, {"hash": "31f341ae7e7b13e28fd8a14080e72634", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "f3a768e9f3642deaf0e1819c038d03c4", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "51ec2f804663776b0e7b00831c0571f3", "key": "pluginID"}, {"hash": "761f098954210174b262fa1f9b6e99db", "key": "references"}, {"hash": "51a8fdba10bac4b1d02edc02246b8498", "key": "href"}, {"hash": "12220012a8f607b74ab8a12c37a02892", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "id": "OPENVAS:1361412562310802144", "lastseen": "2018-09-02T00:02:31", "modified": "2018-05-30T00:00:00", "naslFamily": "Mac OS X Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310802144", "published": "2011-09-07T00:00:00", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 10023 2018-05-30 09:57:40Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 10023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-30 11:57:40 +0200 (Wed, 30 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4435\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1024723\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n\n script_tag(name : \"impact\" , value : \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\n\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"AFP Server\n\n Apache mod_perl\n\n Apache\n\n AppKit\n\n ATS\n\n CFNetwork\n\n CoreGraphics\n\n CoreText\n\n CUPS\n\n Flash Player plug-in\n\n gzip\n\n Image Capture\n\n ImageIO\n\n Image RAW\n\n MySQL\n\n neon\n\n OpenLDAP\n\n OpenSSL\n\n Password Server\n\n PHP\n\n python\n\n Apple iWork\n\n Apple Safari\n\n Apple iTunes\n\n QuickLook\n\n QuickTime\n\n Wiki Server\n\n xar\n\n X11\n\n Time Machine\n\n WebKit Open Source\");\n script_tag(name : \"insight\" , value : \"For more information on the vulnerabilities refer to the links below.\");\n script_tag(name : \"solution\" , value : \"Run Mac Updates and update the Security Update 2010-007\n\n For updates refer to http://support.apple.com/kb/HT4435\");\n script_tag(name : \"summary\" , value : \"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item( \"ssh/login/osx_name\" );\nif( ! osName ) exit( 0 );\n\nosVer = get_kb_item( \"ssh/login/osx_version\" );\nif( ! osVer ) exit( 0 );\n\nif( \"Mac OS X\" >< osName && \"Server\" >!< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nif( \"Mac OS X Server\" >< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "type": "openvas", "viewCount": 9}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:02:31"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-20T22:44:13", "references": [{"idList": ["RHSA-2010:0464", "RHSA-2010:0623", "RHSA-2010:0834", "RHSA-2010:0470", "RHSA-2010:0829", "RHSA-2010:0624", "RHSA-2010:0867"], "type": "redhat"}, {"idList": ["SUSE-SA:2010:024", "SUSE-SA:2010:055", "SUSE-SA:2010:034"], "type": "suse"}, {"idList": ["SECURITYVULNS:VULN:11263", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:VULN:11619", "SECURITYVULNS:VULN:11059", "SECURITYVULNS:DOC:26202", "SECURITYVULNS:DOC:24039", "SECURITYVULNS:VULN:11239", "SECURITYVULNS:DOC:25089", "SECURITYVULNS:DOC:24466", "SECURITYVULNS:VULN:10921"], "type": "securityvulns"}, {"idList": ["GLSA-201101-09"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310850133", "OPENVAS:902200", "OPENVAS:902194", "OPENVAS:850133", "OPENVAS:1361412562310902200", "OPENVAS:802144", "OPENVAS:67656", "OPENVAS:136141256231067656", "OPENVAS:67863", "OPENVAS:1361412562310902194"], "type": "openvas"}, {"idList": ["FREEBSD_PKG_144E524A77EB11DFAE06001B2134EF46.NASL", "MACOSX_SECUPD2010-007.NASL", "SUSE_11_0_FLASH-PLAYER-100611.NASL", "SUSE_11_2_FLASH-PLAYER-100611.NASL", "SUSE_FLASH-PLAYER-7071.NASL", "ADOBE_AIR_APSB10-14.NASL", "MACOSX_10_6_5.NASL", "REDHAT-RHSA-2010-0470.NASL", "SUSE_11_FLASH-PLAYER-100611.NASL", "SUSE_11_1_FLASH-PLAYER-100611.NASL"], "type": "nessus"}, {"idList": ["76B597E4-E9C6-11DF-9E10-001B2134EF46", "E19E74A4-A712-11DF-B234-001B2134EF46", "144E524A-77EB-11DF-AE06-001B2134EF46"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "72789256c75c3fcb520d4e4da57919c5fc9e2f003630716ae2c8c8b3de94756d", "hashmap": [{"hash": "bc52c75ea1e80a7d7981152a365bfd34", "key": "sourceData"}, {"hash": "5b3e78bf2118fdcf240d0771f3c6039e", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "63fac699ee3b06e25ce618526a06cbf3", "key": "naslFamily"}, {"hash": "a7650535d6d3ccd45833e6a945f95987", "key": "published"}, {"hash": "c8f9c9b2aeaaa5f5b0aeb362602968fd", "key": "cvelist"}, {"hash": "31f341ae7e7b13e28fd8a14080e72634", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "51ec2f804663776b0e7b00831c0571f3", "key": "pluginID"}, {"hash": "761f098954210174b262fa1f9b6e99db", "key": "references"}, {"hash": "51a8fdba10bac4b1d02edc02246b8498", "key": "href"}, {"hash": "a66cc75acc15e0fcfada06afdba44b7b", "key": "modified"}, {"hash": "12220012a8f607b74ab8a12c37a02892", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "id": "OPENVAS:1361412562310802144", "lastseen": "2019-03-20T22:44:13", "modified": "2019-03-19T00:00:00", "naslFamily": "Mac OS X Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310802144", "published": "2011-09-07T00:00:00", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4435\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1024723\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[0-5]\\.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"AFP Server\n\n Apache mod_perl\n\n Apache\n\n AppKit\n\n ATS\n\n CFNetwork\n\n CoreGraphics\n\n CoreText\n\n CUPS\n\n Flash Player plug-in\n\n gzip\n\n Image Capture\n\n ImageIO\n\n Image RAW\n\n MySQL\n\n neon\n\n OpenLDAP\n\n OpenSSL\n\n Password Server\n\n PHP\n\n python\n\n Apple iWork\n\n Apple Safari\n\n Apple iTunes\n\n QuickLook\n\n QuickTime\n\n Wiki Server\n\n xar\n\n X11\n\n Time Machine\n\n WebKit Open Source\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2010-007\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item( \"ssh/login/osx_name\" );\nif( ! osName ) exit( 0 );\n\nosVer = get_kb_item( \"ssh/login/osx_version\" );\nif( ! osVer ) exit( 0 );\n\nif( \"Mac OS X\" >< osName && \"Server\" >!< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nif( \"Mac OS X Server\" >< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "type": "openvas", "viewCount": 10}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-03-20T22:44:13"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6fd54d6935e430b7793291ea2aafb5fbab443f58f427a825765f5bdb42b0d7e9", "hashmap": [{"hash": "64d55ceea918461b894aeb06d42176e2", "key": "modified"}, {"hash": "5b3e78bf2118fdcf240d0771f3c6039e", "key": "reporter"}, {"hash": "63fac699ee3b06e25ce618526a06cbf3", "key": "naslFamily"}, {"hash": "a7650535d6d3ccd45833e6a945f95987", "key": "published"}, {"hash": "c8f9c9b2aeaaa5f5b0aeb362602968fd", "key": "cvelist"}, {"hash": "31f341ae7e7b13e28fd8a14080e72634", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f3a768e9f3642deaf0e1819c038d03c4", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "51ec2f804663776b0e7b00831c0571f3", "key": "pluginID"}, {"hash": "761f098954210174b262fa1f9b6e99db", "key": "references"}, {"hash": "51a8fdba10bac4b1d02edc02246b8498", "key": "href"}, {"hash": "12220012a8f607b74ab8a12c37a02892", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "id": "OPENVAS:1361412562310802144", "lastseen": "2018-08-30T19:27:06", "modified": "2018-05-30T00:00:00", "naslFamily": "Mac OS X Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310802144", "published": "2011-09-07T00:00:00", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 10023 2018-05-30 09:57:40Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 10023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-30 11:57:40 +0200 (Wed, 30 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4435\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1024723\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n\n script_tag(name : \"impact\" , value : \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\n\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"AFP Server\n\n Apache mod_perl\n\n Apache\n\n AppKit\n\n ATS\n\n CFNetwork\n\n CoreGraphics\n\n CoreText\n\n CUPS\n\n Flash Player plug-in\n\n gzip\n\n Image Capture\n\n ImageIO\n\n Image RAW\n\n MySQL\n\n neon\n\n OpenLDAP\n\n OpenSSL\n\n Password Server\n\n PHP\n\n python\n\n Apple iWork\n\n Apple Safari\n\n Apple iTunes\n\n QuickLook\n\n QuickTime\n\n Wiki Server\n\n xar\n\n X11\n\n Time Machine\n\n WebKit Open Source\");\n script_tag(name : \"insight\" , value : \"For more information on the vulnerabilities refer to the links below.\");\n script_tag(name : \"solution\" , value : \"Run Mac Updates and update the Security Update 2010-007\n\n For updates refer to http://support.apple.com/kb/HT4435\");\n script_tag(name : \"summary\" , value : \"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item( \"ssh/login/osx_name\" );\nif( ! osName ) exit( 0 );\n\nosVer = get_kb_item( \"ssh/login/osx_version\" );\nif( ! osVer ) exit( 0 );\n\nif( \"Mac OS X\" >< osName && \"Server\" >!< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nif( \"Mac OS X Server\" >< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "type": "openvas", "viewCount": 4}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:27:06"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8f6631d8c1d5d6e7d9f306a56b49f3b969e64359924ea2301c908c11d592ed0f", "hashmap": [{"hash": "64d55ceea918461b894aeb06d42176e2", "key": "modified"}, {"hash": "5b3e78bf2118fdcf240d0771f3c6039e", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "63fac699ee3b06e25ce618526a06cbf3", "key": "naslFamily"}, {"hash": "a7650535d6d3ccd45833e6a945f95987", "key": "published"}, {"hash": "c8f9c9b2aeaaa5f5b0aeb362602968fd", "key": "cvelist"}, {"hash": "31f341ae7e7b13e28fd8a14080e72634", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "f3a768e9f3642deaf0e1819c038d03c4", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "51ec2f804663776b0e7b00831c0571f3", "key": "pluginID"}, {"hash": "761f098954210174b262fa1f9b6e99db", "key": "references"}, {"hash": "51a8fdba10bac4b1d02edc02246b8498", "key": "href"}, {"hash": "12220012a8f607b74ab8a12c37a02892", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "id": "OPENVAS:1361412562310802144", "lastseen": "2018-06-05T13:16:27", "modified": "2018-05-30T00:00:00", "naslFamily": "Mac OS X Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310802144", "published": "2011-09-07T00:00:00", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 10023 2018-05-30 09:57:40Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 10023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-30 11:57:40 +0200 (Wed, 30 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4435\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1024723\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n\n script_tag(name : \"impact\" , value : \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\n\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"AFP Server\n\n Apache mod_perl\n\n Apache\n\n AppKit\n\n ATS\n\n CFNetwork\n\n CoreGraphics\n\n CoreText\n\n CUPS\n\n Flash Player plug-in\n\n gzip\n\n Image Capture\n\n ImageIO\n\n Image RAW\n\n MySQL\n\n neon\n\n OpenLDAP\n\n OpenSSL\n\n Password Server\n\n PHP\n\n python\n\n Apple iWork\n\n Apple Safari\n\n Apple iTunes\n\n QuickLook\n\n QuickTime\n\n Wiki Server\n\n xar\n\n X11\n\n Time Machine\n\n WebKit Open Source\");\n script_tag(name : \"insight\" , value : \"For more information on the vulnerabilities refer to the links below.\");\n script_tag(name : \"solution\" , value : \"Run Mac Updates and update the Security Update 2010-007\n\n For updates refer to http://support.apple.com/kb/HT4435\");\n script_tag(name : \"summary\" , value : \"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item( \"ssh/login/osx_name\" );\nif( ! osName ) exit( 0 );\n\nosVer = get_kb_item( \"ssh/login/osx_version\" );\nif( ! osVer ) exit( 0 );\n\nif( \"Mac OS X\" >< osName && \"Server\" >!< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nif( \"Mac OS X Server\" >< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "type": "openvas", "viewCount": 4}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-06-05T13:16:27"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "c8f9c9b2aeaaa5f5b0aeb362602968fd"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "description", "hash": "12220012a8f607b74ab8a12c37a02892"}, {"key": "href", "hash": "51a8fdba10bac4b1d02edc02246b8498"}, {"key": "modified", "hash": "a66cc75acc15e0fcfada06afdba44b7b"}, {"key": "naslFamily", "hash": "63fac699ee3b06e25ce618526a06cbf3"}, {"key": "pluginID", "hash": "51ec2f804663776b0e7b00831c0571f3"}, {"key": "published", "hash": "a7650535d6d3ccd45833e6a945f95987"}, {"key": "references", "hash": "761f098954210174b262fa1f9b6e99db"}, {"key": "reporter", "hash": "5b3e78bf2118fdcf240d0771f3c6039e"}, {"key": "sourceData", "hash": "bc52c75ea1e80a7d7981152a365bfd34"}, {"key": "title", "hash": "31f341ae7e7b13e28fd8a14080e72634"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "a0f5323355752ca79ee8c70960de2e44891f195c13cf356f0bd4c0c0df4c08c5", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11263", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:VULN:10921", "SECURITYVULNS:DOC:24039", "SECURITYVULNS:DOC:25089", "SECURITYVULNS:VULN:11239", "SECURITYVULNS:VULN:11619", "SECURITYVULNS:DOC:26202", "SECURITYVULNS:DOC:24466", "SECURITYVULNS:VULN:11059"]}, {"type": "nessus", "idList": ["MACOSX_SECUPD2010-007.NASL", "MACOSX_10_6_5.NASL", "FREEBSD_PKG_144E524A77EB11DFAE06001B2134EF46.NASL", "SUSE_11_2_FLASH-PLAYER-100611.NASL", "SUSE_11_0_FLASH-PLAYER-100611.NASL", "SUSE_11_FLASH-PLAYER-100611.NASL", "SUSE_FLASH-PLAYER-7071.NASL", "ADOBE_AIR_APSB10-14.NASL", "FLASH_PLAYER_APSB10-14.NASL", "SUSE_11_1_FLASH-PLAYER-100611.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802144", "OPENVAS:67656", "OPENVAS:850133", "OPENVAS:902194", "OPENVAS:1361412562310850133", "OPENVAS:902200", "OPENVAS:1361412562310902200", "OPENVAS:1361412562310902194", "OPENVAS:136141256231067656", "OPENVAS:136141256231067863"]}, {"type": "freebsd", "idList": ["144E524A-77EB-11DF-AE06-001B2134EF46", "76B597E4-E9C6-11DF-9E10-001B2134EF46", "E19E74A4-A712-11DF-B234-001B2134EF46"]}, {"type": "suse", "idList": ["SUSE-SA:2010:024", "SUSE-SA:2010:055", "SUSE-SA:2010:034"]}, {"type": "redhat", "idList": ["RHSA-2010:0464", "RHSA-2010:0470", "RHSA-2010:0834", "RHSA-2010:0867", "RHSA-2010:0829", "RHSA-2010:0623", "RHSA-2010:0624"]}, {"type": "gentoo", "idList": ["GLSA-201101-09"]}], "modified": "2019-05-29T18:39:24"}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:39:24"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4435\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1024723\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[0-5]\\.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"AFP Server\n\n Apache mod_perl\n\n Apache\n\n AppKit\n\n ATS\n\n CFNetwork\n\n CoreGraphics\n\n CoreText\n\n CUPS\n\n Flash Player plug-in\n\n gzip\n\n Image Capture\n\n ImageIO\n\n Image RAW\n\n MySQL\n\n neon\n\n OpenLDAP\n\n OpenSSL\n\n Password Server\n\n PHP\n\n python\n\n Apple iWork\n\n Apple Safari\n\n Apple iTunes\n\n QuickLook\n\n QuickTime\n\n Wiki Server\n\n xar\n\n X11\n\n Time Machine\n\n WebKit Open Source\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2010-007\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item( \"ssh/login/osx_name\" );\nif( ! osName ) exit( 0 );\n\nosVer = get_kb_item( \"ssh/login/osx_version\" );\nif( ! osVer ) exit( 0 );\n\nif( \"Mac OS X\" >< osName && \"Server\" >!< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nif( \"Mac OS X Server\" >< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n", "naslFamily": "Mac OS X Local Security Checks", "pluginID": "1361412562310802144", "scheme": null}
{"nessus": [{"lastseen": "2019-02-21T01:14:05", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. \n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - ImageIO\n - Image RAW\n - MySQL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - Safari RSS\n - Wiki Server\n - X11", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SECUPD2010-007.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50549", "published": "2010-11-10T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-007)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50549);\n script_version(\"1.48\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2008-4546\",\n \"CVE-2009-0796\",\n \"CVE-2009-0946\",\n \"CVE-2009-2624\",\n \"CVE-2009-3793\",\n \"CVE-2009-4134\",\n \"CVE-2010-0105\",\n \"CVE-2010-0205\",\n \"CVE-2010-0209\",\n \"CVE-2010-0397\",\n \"CVE-2010-1205\",\n \"CVE-2010-1297\",\n \"CVE-2010-1449\",\n \"CVE-2010-1450\",\n \"CVE-2010-1752\",\n \"CVE-2010-1811\",\n \"CVE-2010-1828\",\n \"CVE-2010-1829\",\n \"CVE-2010-1830\",\n \"CVE-2010-1831\",\n \"CVE-2010-1832\",\n \"CVE-2010-1836\",\n \"CVE-2010-1837\",\n \"CVE-2010-1838\",\n \"CVE-2010-1840\",\n \"CVE-2010-1841\",\n \"CVE-2010-1845\",\n \"CVE-2010-1846\",\n \"CVE-2010-1848\",\n \"CVE-2010-1849\",\n \"CVE-2010-1850\",\n \"CVE-2010-2160\",\n \"CVE-2010-2161\",\n \"CVE-2010-2162\",\n \"CVE-2010-2163\",\n \"CVE-2010-2164\",\n \"CVE-2010-2165\",\n \"CVE-2010-2166\",\n \"CVE-2010-2167\",\n \"CVE-2010-2169\",\n \"CVE-2010-2170\",\n \"CVE-2010-2171\",\n \"CVE-2010-2172\",\n \"CVE-2010-2173\",\n \"CVE-2010-2174\",\n \"CVE-2010-2175\",\n \"CVE-2010-2176\",\n \"CVE-2010-2177\",\n \"CVE-2010-2178\",\n \"CVE-2010-2179\",\n \"CVE-2010-2180\",\n \"CVE-2010-2181\",\n \"CVE-2010-2182\",\n \"CVE-2010-2183\",\n \"CVE-2010-2184\",\n \"CVE-2010-2185\",\n \"CVE-2010-2186\",\n \"CVE-2010-2187\",\n \"CVE-2010-2188\",\n \"CVE-2010-2189\",\n \"CVE-2010-2213\",\n \"CVE-2010-2214\",\n \"CVE-2010-2215\",\n \"CVE-2010-2216\",\n \"CVE-2010-2249\",\n \"CVE-2010-2484\",\n \"CVE-2010-2497\",\n \"CVE-2010-2498\",\n \"CVE-2010-2499\",\n \"CVE-2010-2500\",\n \"CVE-2010-2519\",\n \"CVE-2010-2520\",\n \"CVE-2010-2531\",\n \"CVE-2010-2805\",\n \"CVE-2010-2806\",\n \"CVE-2010-2807\",\n \"CVE-2010-2808\",\n \"CVE-2010-2884\",\n \"CVE-2010-2941\",\n \"CVE-2010-3053\",\n \"CVE-2010-3054\",\n \"CVE-2010-3636\",\n \"CVE-2010-3638\",\n \"CVE-2010-3639\",\n \"CVE-2010-3640\",\n \"CVE-2010-3641\",\n \"CVE-2010-3642\",\n \"CVE-2010-3643\",\n \"CVE-2010-3644\",\n \"CVE-2010-3645\",\n \"CVE-2010-3646\",\n \"CVE-2010-3647\",\n \"CVE-2010-3648\",\n \"CVE-2010-3649\",\n \"CVE-2010-3650\",\n \"CVE-2010-3652\",\n \"CVE-2010-3654\",\n \"CVE-2010-3783\",\n \"CVE-2010-3784\",\n \"CVE-2010-3785\",\n \"CVE-2010-3796\",\n \"CVE-2010-3797\",\n \"CVE-2010-3976\",\n \"CVE-2010-4010\"\n );\n script_bugtraq_id(\n 31537,\n 34383,\n 34550,\n 38478,\n 39658,\n 40361,\n 40363,\n 40365,\n 40586,\n 40779,\n 40780,\n 40781,\n 40782,\n 40783,\n 40784,\n 40785,\n 40786,\n 40787,\n 40788,\n 40789,\n 40790,\n 40791,\n 40792,\n 40793,\n 40794,\n 40795,\n 40796,\n 40797,\n 40798,\n 40799,\n 40800,\n 40801,\n 40802,\n 40803,\n 40805,\n 40806,\n 40807,\n 40808,\n 40809,\n 41049,\n 41174,\n 42285,\n 42621,\n 42624,\n 44504,\n 44530,\n 44671,\n 44729,\n 44800,\n 44802,\n 44804,\n 44806,\n 44807,\n 44808,\n 44812,\n 44814,\n 44815,\n 44816,\n 44817,\n 44819,\n 44822,\n 44829,\n 44832,\n 44833,\n 44835,\n 99999\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)\");\n script_summary(english:\"Check for the presence of Security Update 2010-007\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes security\nissues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-007 applied. \n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - ImageIO\n - Image RAW\n - MySQL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - Safari RSS\n - Wiki Server\n - X11\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4435\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-007 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(0, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^9\\.[0-8]\\.\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[7-9]|201[1-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-007 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:05", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5.\n\nMac OS X 10.6.5 contains security fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - Apache\n - AppKit\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - Image Capture\n - ImageIO\n - Image RAW\n - Kernel\n - MySQL\n - neon\n - Networking\n - OpenLDAP\n - OpenSSL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - QuickTime\n - Safari RSS\n - Time Machine\n - Wiki Server\n - X11\n - xar", "modified": "2018-07-14T00:00:00", "id": "MACOSX_10_6_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50548", "published": "2010-11-10T00:00:00", "title": "Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50548);\n script_version(\"1.52\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2008-4546\",\n \"CVE-2009-0796\",\n \"CVE-2009-0946\",\n \"CVE-2009-2473\",\n \"CVE-2009-2474\",\n \"CVE-2009-2624\",\n \"CVE-2009-3793\",\n \"CVE-2009-4134\",\n \"CVE-2010-0001\",\n \"CVE-2010-0105\",\n \"CVE-2010-0205\",\n \"CVE-2010-0209\",\n \"CVE-2010-0211\",\n \"CVE-2010-0212\",\n \"CVE-2010-0397\",\n \"CVE-2010-0408\",\n \"CVE-2010-0434\",\n \"CVE-2010-1205\",\n \"CVE-2010-1297\",\n \"CVE-2010-1378\",\n \"CVE-2010-1449\",\n \"CVE-2010-1450\",\n \"CVE-2010-1752\",\n \"CVE-2010-1803\",\n \"CVE-2010-1811\",\n \"CVE-2010-1828\",\n \"CVE-2010-1829\",\n \"CVE-2010-1830\",\n \"CVE-2010-1831\",\n \"CVE-2010-1832\",\n \"CVE-2010-1833\",\n \"CVE-2010-1834\",\n \"CVE-2010-1836\",\n \"CVE-2010-1837\",\n \"CVE-2010-1838\",\n \"CVE-2010-1840\",\n \"CVE-2010-1841\",\n \"CVE-2010-1842\",\n \"CVE-2010-1843\",\n \"CVE-2010-1844\",\n \"CVE-2010-1845\",\n \"CVE-2010-1846\",\n \"CVE-2010-1847\",\n \"CVE-2010-1848\",\n \"CVE-2010-1849\",\n \"CVE-2010-1850\",\n \"CVE-2010-2160\",\n \"CVE-2010-2161\",\n \"CVE-2010-2162\",\n \"CVE-2010-2163\",\n \"CVE-2010-2164\",\n \"CVE-2010-2165\",\n \"CVE-2010-2166\",\n \"CVE-2010-2167\",\n \"CVE-2010-2169\",\n \"CVE-2010-2170\",\n \"CVE-2010-2171\",\n \"CVE-2010-2172\",\n \"CVE-2010-2173\",\n \"CVE-2010-2174\",\n \"CVE-2010-2175\",\n \"CVE-2010-2176\",\n \"CVE-2010-2177\",\n \"CVE-2010-2178\",\n \"CVE-2010-2179\",\n \"CVE-2010-2180\",\n \"CVE-2010-2181\",\n \"CVE-2010-2182\",\n \"CVE-2010-2183\",\n \"CVE-2010-2184\",\n \"CVE-2010-2185\",\n \"CVE-2010-2186\",\n \"CVE-2010-2187\",\n \"CVE-2010-2188\",\n \"CVE-2010-2189\",\n \"CVE-2010-2213\",\n \"CVE-2010-2214\",\n \"CVE-2010-2215\",\n \"CVE-2010-2216\",\n \"CVE-2010-2249\",\n \"CVE-2010-2497\",\n \"CVE-2010-2498\",\n \"CVE-2010-2499\",\n \"CVE-2010-2500\",\n \"CVE-2010-2519\",\n \"CVE-2010-2520\",\n \"CVE-2010-2531\",\n \"CVE-2010-2805\",\n \"CVE-2010-2806\",\n \"CVE-2010-2807\",\n \"CVE-2010-2808\",\n \"CVE-2010-2884\",\n \"CVE-2010-2941\",\n \"CVE-2010-3053\",\n \"CVE-2010-3054\",\n \"CVE-2010-3636\",\n \"CVE-2010-3638\",\n \"CVE-2010-3639\",\n \"CVE-2010-3640\",\n \"CVE-2010-3641\",\n \"CVE-2010-3642\",\n \"CVE-2010-3643\",\n \"CVE-2010-3644\",\n \"CVE-2010-3645\",\n \"CVE-2010-3646\",\n \"CVE-2010-3647\",\n \"CVE-2010-3648\",\n \"CVE-2010-3649\",\n \"CVE-2010-3650\",\n \"CVE-2010-3652\",\n \"CVE-2010-3654\",\n \"CVE-2010-3783\",\n \"CVE-2010-3784\",\n \"CVE-2010-3785\",\n \"CVE-2010-3786\",\n \"CVE-2010-3787\",\n \"CVE-2010-3788\",\n \"CVE-2010-3789\",\n \"CVE-2010-3790\",\n \"CVE-2010-3791\",\n \"CVE-2010-3792\",\n \"CVE-2010-3793\",\n \"CVE-2010-3794\",\n \"CVE-2010-3795\",\n \"CVE-2010-3796\",\n \"CVE-2010-3797\",\n \"CVE-2010-3798\",\n \"CVE-2010-3976\"\n );\n script_bugtraq_id(\n 31537,\n 34383,\n 34550,\n 36079,\n 38478,\n 38491,\n 38494,\n 38708,\n 39658,\n 40361,\n 40363,\n 40365,\n 40586,\n 40779,\n 40780,\n 40781,\n 40782,\n 40783,\n 40784,\n 40785,\n 40786,\n 40787,\n 40788,\n 40789,\n 40790,\n 40791,\n 40792,\n 40793,\n 40794,\n 40795,\n 40796,\n 40797,\n 40798,\n 40799,\n 40800,\n 40801,\n 40802,\n 40803,\n 40805,\n 40806,\n 40807,\n 40808,\n 40809,\n 41049,\n 41174,\n 41770,\n 42285,\n 42621,\n 42624,\n 44504,\n 44530,\n 44671,\n 44784,\n 44785,\n 44787,\n 44789,\n 44790,\n 44792,\n 44794,\n 44795,\n 44796,\n 44798,\n 44799,\n 44800,\n 44802,\n 44803,\n 44804,\n 44805,\n 44806,\n 44807,\n 44808,\n 44811,\n 44812,\n 44813,\n 44814,\n 44815,\n 44816,\n 44817,\n 44819,\n 44822,\n 44828,\n 44829,\n 44831,\n 44832,\n 44833,\n 44834,\n 44835,\n 44840\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.5.\n\nMac OS X 10.6.5 contains security fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - Apache\n - AppKit\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - Image Capture\n - ImageIO\n - Image RAW\n - Kernel\n - MySQL\n - neon\n - Networking\n - OpenLDAP\n - OpenSSL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - QuickTime\n - Safari RSS\n - Time Machine\n - Wiki Server\n - X11\n - xar\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4435\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.5 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 200, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-4]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:28", "bulletinFamily": "scanner", "description": "Adobe Product Security Incident Response Team reports :\n\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_144E524A77EB11DFAE06001B2134EF46.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47025", "published": "2010-06-16T00:00:00", "title": "FreeBSD : linux-flashplugin -- multiple vulnerabilities (144e524a-77eb-11df-ae06-001b2134ef46)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47025);\n script_version(\"1.34\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"FreeBSD : linux-flashplugin -- multiple vulnerabilities (144e524a-77eb-11df-ae06-001b2134ef46)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Product Security Incident Response Team reports :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\nversion 10.0.45.2 and earlier. These vulnerabilities could cause the\napplication to crash and could potentially allow an attacker to take\ncontrol of the affected system.\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb10-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-14.html\"\n );\n # https://vuxml.freebsd.org/freebsd/144e524a-77eb-11df-ae06-001b2134ef46.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8c56f7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f8-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplugin<9.0r277\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f8-flashplugin<10.1r53\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<10.1r53\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:27", "bulletinFamily": "scanner", "description": "This Flash Player update fixes multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The following CVE numbers have been assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_2_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46881", "published": "2010-06-14T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-2542.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46881);\n script_version(\"1.32\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)\");\n script_summary(english:\"Check for the flash-player-2542 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"flash-player-10.1.53.64-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:27", "bulletinFamily": "scanner", "description": "This Flash Player update fixes multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The following CVE numbers have been assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_0_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46879", "published": "2010-06-14T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-2542.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46879);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)\");\n script_summary(english:\"Check for the flash-player-2542 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"flash-player-10.1.53.64-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:26", "bulletinFamily": "scanner", "description": "This update fixes multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189", "modified": "2014-10-24T00:00:00", "id": "SUSE_FLASH-PLAYER-7071.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51736", "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51736);\n script_version (\"$Revision: 1.29 $\");\n script_cvs_date(\"$Date: 2014/10/24 10:42:17 $\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple critical security vulnerabilities which\nallow an attacker to remotely execute arbitrary code or to cause a\ndenial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3793.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1297.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2161.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2166.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2181.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2189.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7071.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"flash-player-9.0.277.0-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:10", "bulletinFamily": "scanner", "description": "This update fixes multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189", "modified": "2014-10-24T00:00:00", "id": "SUSE_11_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50901", "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50901);\n script_version(\"$Revision: 1.31 $\");\n script_cvs_date(\"$Date: 2014/10/24 10:42:17 $\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple critical security vulnerabilities which\nallow an attacker to remotely execute arbitrary code or to cause a\ndenial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3793.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1297.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2161.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2166.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2181.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2189.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2539 / 2541 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"flash-player-10.1.53.64-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"flash-player-10.1.53.64-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:27", "bulletinFamily": "scanner", "description": "This Flash Player update fixes multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The following CVE numbers have been assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_1_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46880", "published": "2010-06-14T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-2542.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46880);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)\");\n script_summary(english:\"Check for the flash-player-2542 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"flash-player-10.1.53.64-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:26", "bulletinFamily": "scanner", "description": "The remote Windows host contains a version of Adobe AIR that is earlier than 2.0.2.12610. Such versions are affected by multiple vulnerabilities, such as memory corruption, buffer overflows, and memory exhaustion, that could be exploited to cause an application crash or even allow execution of arbitrary code.", "modified": "2018-06-27T00:00:00", "id": "ADOBE_AIR_APSB10-14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46858", "published": "2010-06-10T00:00:00", "title": "Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (ASPB10-14)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46858);\n script_version(\"1.52\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\n \"CVE-2008-4546\",\n \"CVE-2009-3793\",\n \"CVE-2010-1297\",\n \"CVE-2010-2160\",\n \"CVE-2010-2161\",\n \"CVE-2010-2162\",\n \"CVE-2010-2163\",\n \"CVE-2010-2164\",\n \"CVE-2010-2165\",\n \"CVE-2010-2166\",\n \"CVE-2010-2167\",\n \"CVE-2010-2169\",\n \"CVE-2010-2170\",\n \"CVE-2010-2171\",\n \"CVE-2010-2172\",\n \"CVE-2010-2173\",\n \"CVE-2010-2174\",\n \"CVE-2010-2175\",\n \"CVE-2010-2176\",\n \"CVE-2010-2177\",\n \"CVE-2010-2178\",\n \"CVE-2010-2179\",\n \"CVE-2010-2180\",\n \"CVE-2010-2181\",\n \"CVE-2010-2182\",\n \"CVE-2010-2183\",\n \"CVE-2010-2184\",\n \"CVE-2010-2185\",\n \"CVE-2010-2186\",\n \"CVE-2010-2187\",\n # \"CVE-2010-2188\", # nb: Adobe removed this from APSB10-14.\n \"CVE-2010-2189\"\n );\n script_bugtraq_id(\n 31537,\n 40586,\n 40779,\n 40780,\n 40781,\n 40782,\n 40783,\n 40784,\n 40785,\n 40786,\n 40787,\n 40788,\n 40789,\n 40790,\n 40791,\n 40792,\n 40793,\n 40794,\n 40795,\n 40796,\n 40797,\n # 40798, # nb: Adobe removed this from APSB10-14.\n 40799,\n 40800,\n 40801,\n 40802,\n 40803,\n 40805,\n 40806,\n 40807,\n 40808,\n 40809\n );\n script_xref(name:\"CERT\", value:\"486225\");\n script_xref(name:\"Secunia\", value:\"40026\");\n\n script_name(english:\"Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (ASPB10-14)\");\n script_summary(english:\"Checks version of Adobe AIR\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\nearlier than 2.0.2.12610. Such versions are affected by multiple\nvulnerabilities, such as memory corruption, buffer overflows, and\nmemory exhaustion, that could be exploited to cause an application\ncrash or even allow execution of arbitrary code.\");\n \n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Adobe AIR 2.0.2.12610 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nversion = get_kb_item(\"SMB/Adobe_AIR/Version\");\nif (isnull(version)) exit(1, \"The 'SMB/Adobe_AIR/Version' KB item is missing.\");\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 2 ||\n (\n ver[0] == 2 &&\n (\n ver[1] == 0 && ver[2] < 2 ||\n (ver[2] == 2 && ver[3] < 12610)\n )\n )\n)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n' +\n 'Adobe AIR ' + version_report + ' is currently installed on the remote host.\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The Adobe AIR \"+version_report+\" install is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:26", "bulletinFamily": "scanner", "description": "The remote Windows host contains a version of Adobe Flash Player 9.x before 9.0.277.0 or 10.x before 10.1.53.63. Such versions are affected by multiple vulnerabilities, such as memory corruption, buffer overflows, and memory exhaustion, that could be exploited to cause an application crash or even allow execution of arbitrary code.", "modified": "2018-07-11T00:00:00", "id": "FLASH_PLAYER_APSB10-14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46859", "published": "2010-06-10T00:00:00", "title": "Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (ASPB10-14)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46859);\n script_version(\"1.55\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\",\n \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\",\n \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\",\n \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\",\n \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\",\n # \"CVE-2010-2188\", # nb: Adobe removed this from APSB10-14.\n \"CVE-2010-2189\");\n script_bugtraq_id(31537, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785,\n 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794,\n 40795, 40796, 40797,\n # 40798, # nb: Adobe removed this from APSB10-14.\n 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809);\n script_xref(name:\"CERT\", value:\"486225\");\n script_xref(name:\"Secunia\", value:\"40026\");\n\n script_name(english:\"Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (ASPB10-14)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plug-in that is affected\nby a code execution vulnerability.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe Flash Player 9.x\nbefore 9.0.277.0 or 10.x before 10.1.53.63. Such versions are\naffected by multiple vulnerabilities, such as memory corruption,\nbuffer overflows, and memory exhaustion, that could be exploited to\ncause an application crash or even allow execution of arbitrary\ncode.\");\n \n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n script_set_attribute(attribute:\"solution\",value:\n\"Upgrade to Flash Player 10.1.53.64 / 9.0.277.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2008/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n exit(0);\n}\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(1, \"The 'SMB/Flash_Player/installed' KB item is missing.\");\n\ninclude(\"global_settings.inc\");\n\ninfo = '';\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for(i=0;i<max_index(iver);i++)\n iver[i] = int(iver[i]);\n \n if (\n # nb: versions before 9.0 are not affected.\n # Chrome never shipped with Flash Player < 10.x\n (\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 277) &&\n (variant == \"Plugin\" || variant == \"ActiveX\")\n ) ||\n (\n iver[0] == 10 && \n (\n iver[1] < 1 ||\n (\n iver[1] == 1 &&\n (\n iver[2] < 53 ||\n (iver[2] == 53 && iver[3] < 64)\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (variant == \"Chrome\")\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n \n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n \n if (variant == \"Plugin\" || variant == \"ActiveX\")\n { \n if (iver[0] == 9) info += '\\n Fixed version : 9.0.277.0';\n else if (iver[0] == 10) info += '\\n Fixed version : 10.1.53.64';\n }\n\n if (variant == \"Chrome\")\n info += '\\n Fixed version : 10.1.53.64 (as included with Google Chrome 5.0.375.125)';\n\n info += '\\n';\n\n }\n }\n }\n }\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 2)\n inst = \"s\";\n else\n inst = \"\";\n\n report = \n '\\n' +\n 'Nessus has identified the following vulnerable instance' + inst + ' of Flash\\n' +\n 'Player installed on the remote host :\\n' +\n '\\n'+\n info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, 'The host is not affected.');\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "description": "Multiple vulnerabilities in kernel, networking components, printing services, AFP Server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdev_cmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11 and third party applications.", "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:11263", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11263", "title": "Apple Mac OS X and QuickTime multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: A unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exists in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An unitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "description": "Multiple vulnerabilities on Flash content parsing.", "modified": "2010-06-26T00:00:00", "published": "2010-06-26T00:00:00", "id": "SECURITYVULNS:VULN:10921", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10921", "title": "Adobe Flash Player / Acrobat / Reader memory corruptions", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "description": "ecurity update available for Adobe Flash Player\r\n\r\nRelease date: June 10, 2010\r\n\r\nLast updated: June 10, 2010\r\n\r\nVulnerability identifier: APSB10-14\r\n\r\nCVE number: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64. Adobe recommends users of Adobe AIR 1.5.3.9130 and earlier versions update to Adobe AIR 2.0.2.12610.\r\nAffected software versions\r\n\r\nAdobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris\r\nAdobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux\r\n\r\nTo verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\n\r\nTo verify the Adobe AIR version number installed on your system, access the Adobe AIR TechNote for instructions.\r\nSolution\r\n\r\nAdobe Flash Player\r\nAdobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64 by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted.\r\n\r\nTo address the vulnerabilities described in this Security Bulletin, a prerelease version of Flash Player 10.1 for Solaris platforms is available from Adobe Labs.\r\n\r\nFor users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0, which can be downloaded from the following link.\r\n\r\nAdobe AIR\r\nAdobe recommends all users of Adobe AIR 1.5.3.9130 and earlier versions update to the newest version 2.0.2.12610 by downloading it from the Adobe AIR Download Center.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297).\r\nNote: There are reports that this issue is being actively exploited in the wild.\r\n\r\nThis update resolves a memory exhaustion vulnerability that could lead to code execution (CVE-2009-3793).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2160).\r\n\r\nThis update resolves an indexing vulnerability that could lead to code execution (CVE-2010-2161).\r\n\r\nThis update resolves a heap corruption vulnerability that could lead to code execution (CVE-2010-2162).\r\n\r\nThis update resolves multiple vulnerabilities that could lead to code execution (CVE-2010-2163).\r\n\r\nThis update resolves a use after free vulnerability that could lead to code execution (CVE-2010-2164).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2165).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2166).\r\n\r\nThis update resolves multiple heap overflow vulnerabilities that could lead to code execution (CVE-2010-2167).\r\n\r\nThis update resolves a pointer memory corruption that could lead to code execution (CVE-2010-2169).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2170).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2171).\r\n\r\nThis update resolves a denial of service issue on some UNIX platforms (Flash Player 9 only) (CVE-2010-2172).\r\n\r\nThis update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2173).\r\n\r\nThis update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2174).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2175).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2176).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2177).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2178).\r\n\r\nThis update resolves a URL parsing vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only) (CVE-2010-2179).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2180).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2181).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2182).\r\n\r\nThis update resolves a integer overflow vulnerability that could lead to code execution (CVE-2010-2183).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2184).\r\n\r\nThis update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-2185).\r\n\r\nThis update resolves a denial of service vulnerability that can cause the application to crash. Arbitrary code execution has not been demonstrated, but may be possible. (CVE-2010-2186).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2187).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2188).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2189).\r\nNote: This issue occurs only on VMWare systems with VMWare Tools enabled.\r\n\r\nThis update resolves a denial of service issue (CVE-2008-4546).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64. Adobe recommends users of Adobe AIR 1.5.3.9130 and earlier versions update to Adobe AIR 2.0.2.12610.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.0.45.2 and earlier\r\n\t\r\n\r\n10.1.53.64\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.0.45.2 and earlier - network distribution\r\n\t\r\n\r\n10.1.53.64\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nAIR 1.5.3.9130\r\n\t\r\n\r\nAIR 2.0.2.12610\r\n\t\r\n\r\nAIR Download Center\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.53.64\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.277.0\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\n\r\nNote: The Adobe Flash Player 10.1.53.64 release will be the last version to support Macintosh PowerPC-based G3 computers. Adobe will be discontinuing support of PowerPC-based G3 computers and will no longer provide security updates after the Flash Player 10.1.53.64 release. This unavailability is due to performance enhancements that cannot be supported on the older PowerPC architecture.\r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Will Dormann of CERT (CVE-2010-1297, CVE-2010-2163)\r\n * Lockheed Martin CIRT, Members of the Defense Security Information Exchange (DSIE) (CVE-2010-1297)\r\n * Ralph Loader of Innaworks Development Limited (CVE-2009-3793)\r\n * An Anonymous Researcher and Dionysus Blazakis through TippingPoint's Zero Day Initiative (CVE-2010-2160)\r\n * An Anonymous Researcher reported through iDefense's Vulnerability Contributor Program (CVE-2010-2161)\r\n * Damian Put through TippingPoint's Zero Day Initiative (CVE-2010-2162, CVE-2010-2188)\r\n * An Anonymous Researcher reported through iDefense's Vulnerability Contributor Program (CVE-2010-2164)\r\n * Megumi Yanagishita of Palo Alto Networks Inc. (CVE-2010-2165)\r\n * Bing Liu of Fortinet's FortiGuard Labs (CVE-2010-2163, CVE-2010-2166)\r\n * Nicolas Joly of VUPEN Vulnerability Research Team (CVE-2010-2167, CVE-2010-2173, CVE-2010-2174)\r\n * Manuel Caballero and Microsoft Vulnerability Research (MSVR) (CVE-2010-2169)\r\n * Tielei Wang from ICST-ERCIS (Engineering Research Center of Info Security, Institute of Computer Science & Technology, Peking University / China) (CVE-2010-2170)\r\n * An Anonymous Researcher and Tielei Wang, from ICST-ERCIS, Peking University, through TippingPoint's Zero Day Initiative (CVE-2010-2171)\r\n * Report submitted by Red Hat Security Response Team (CVE-2010-2172)\r\n * Bo Qu of Palo Alto Networks (CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178)\r\n * Ezio Anselmo Mazarim Fernandes (CVE-2010-2179)\r\n * Haifei Li of Fortinet's FortiGuard Labs (CVE-2010-2189)\r\n * Tavis Ormandy of the Google Security Team (CVE-2010-2163, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187).\r\n\r\nRevisions\r\n\r\nJune 10, 2010 - Updated Acknowledgments section, adding Lockheed Martin CIRT and Members of the Defense Security Information Exchange.\r\nJune 10, 2010 - Bulletin released.", "modified": "2010-06-11T00:00:00", "published": "2010-06-11T00:00:00", "id": "SECURITYVULNS:DOC:24039", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24039", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "Security update available for Adobe Flash Player\r\n\r\nRelease date: November 4, 2010\r\n\r\nVulnerability identifier: APSB10-26\r\n\r\nCVE number: CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.\r\nAffected software versions\r\n\r\n * Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris\r\n * Adobe Flash Player 10.1.95.1 for Android\r\n\r\nTo verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\nSolution\r\n\r\nAdobe recommends all users of Adobe Flash Player 10.1.85.3 and earlier versions upgrade to the newest version 10.1.102.64 by downloading it from the Adobe Flash Player Download Center. Windows users can install the update via the auto-update mechanism within the product when prompted.\r\n\r\nFor users who cannot update to Flash Player 10.1.102.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.289.0, which can be downloaded from here.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).\r\n\r\nThis update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).\r\n\r\nThis update resolves an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).\r\n\r\nThis update resolves a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution:\r\n\r\n * (CVE-2010-3640)\r\n * (CVE-2010-3641)\r\n * (CVE-2010-3642)\r\n * (CVE-2010-3643)\r\n * (CVE-2010-3644)\r\n * (CVE-2010-3645)\r\n * (CVE-2010-3646)\r\n * (CVE-2010-3647)\r\n * (CVE-2010-3648)\r\n * (CVE-2010-3649)\r\n * (CVE-2010-3650)\r\n * (CVE-2010-3652)\r\n\r\nThis update resolves a library-loading vulnerability that could lead to code execution (CVE-2010-3976).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.1.85.3 and earlier\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.1.85.3 and earlier - network distribution\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.289.0\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Tokuji Akamine of Symantec Consulting Services Japan (CVE-2010-3636)\r\n * Xiaopeng Zhang of Fortinet's FortiGuard Labs (CVE-2010-3637)\r\n * Erik Osterholm of Texas A&M University (CVE-2010-3638)\r\n * Matthew Scott Bergin of Smash The Stack and Bergin Pen. Testing (CVE-2010-3639)\r\n * Will Dormman of CERT (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)\r\n * Simon Raner of ACROS Security (CVE-2010-3976)\r\n", "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:DOC:25089", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25089", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "description": "Multiple memory corruptions, code executions, crossite access, information leak, DoS.", "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:VULN:11239", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11239", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02738731\r\nVersion: 1\r\n\r\nHPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux,\r\nand Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF),\r\nExecution of Arbitrary Code, Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as\r\npossible.\r\n\r\nRelease Date: 2011-04-19\r\nLast Updated: 2011-04-19\r\n\r\nPotential Security Impact: Remote cross site scripting (XSS), cross site request\r\nforgery (CSRF), execution of arbitrary code, Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in HP Systems Insight\r\nManager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited\r\nremotely resulting in cross site scripting (XSS), cross site request forgery (CSRF),\r\nexecution of arbitrary code, and Denial of Service (DoS).\r\n\r\nReferences: CVE-2010-3636\r\n Adobe Flash Player\r\n\r\nCVE-2010-3637\r\n Adobe Flash Player\r\n\r\nCVE-2010-3638\r\n Adobe Flash Player\r\n\r\nCVE-2010-3639\r\n Adobe Flash Player\r\n\r\nCVE-2010-3640\r\n Adobe Flash Player\r\n\r\nCVE-2010-3641\r\n Adobe Flash Player\r\n\r\nCVE-2010-3642\r\n Adobe Flash Player\r\n\r\nCVE-2010-3643\r\n Adobe Flash Player\r\n\r\nCVE-2010-3644\r\n Adobe Flash Player\r\n\r\nCVE-2010-3645\r\n Adobe Flash Player\r\n\r\nCVE-2010-3646\r\n Adobe Flash Player\r\n\r\nCVE-2010-3647\r\n Adobe Flash Player\r\n\r\nCVE-2010-3648\r\n Adobe Flash Player\r\n\r\nCVE-2010-3649\r\n Adobe Flash Player\r\n\r\nCVE-2010-3650\r\n Adobe Flash Player\r\n\r\nCVE-2010-3652\r\n Adobe Flash Player\r\n\r\nCVE-2010-3976\r\n Adobe Flash Player\r\n\r\nCVE-2011-1542\r\n XSS\r\n\r\nCVE-2011-1543\r\n CSRF\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.3\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-3636 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3637 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3638 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2010-3639 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3640 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3641 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3642 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3643 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3644 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3645 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3646 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3647 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3648 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3649 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3650 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3652 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3976 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2011-1542 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2011-1543 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided HP SIM v6.3 or subsequent to resolve the vulnerabilities.\r\n\r\nHP SIM v6.3 for HP-UX, Linux, and Windows\r\n\r\nHP SIM v6.3 for HP-UX, Linux, and Windows is available here:\r\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/\r\n\r\nHP SIM v6.3 for Windows on Insight Software DVD\r\n\r\nIn addition for Windows HP SIM v6.3 is available on DVD images. These are available\r\nfor download here.\r\nhttp://h18013.www1.hp.com/products/servers/management/fpdownload.html\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\nFor HP-UX, install HP SIM v6.3 or subsequent\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that\r\nreplaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP\r\nand lists recommended actions that may apply to a specific HP-UX system. It can also\r\ndownload patches and create a depot automatically. For more information see:\r\nhttps://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nHP-UX B.11.23\r\nHP-UX B.11.31\r\n=============\r\nSysMgmtServer.MX-CMS\r\nSysMgmtServer.MX-CORE\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-PORTAL\r\nSysMgmtServer.MX-REPO\r\nSysMgmtServer.MX-TOOLS\r\naction: install HP SIM v6.3 or subsequent\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion: 1 (rev.1) - 19 April 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed\r\non systems running HP software products should be applied in accordance with the\r\ncustomer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product,\r\nsend Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to\r\nHP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via\r\nEmail:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to\r\nupdate appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit:\r\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain\r\nsystem integrity. HP is continually reviewing and enhancing the security features of\r\nsoftware products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the\r\nattention of users of the affected HP products the important security information\r\ncontained in this Bulletin. HP recommends that all users determine the applicability\r\nof this information to their individual situations and take appropriate action. HP\r\ndoes not warrant that this information is necessarily accurate or complete for all\r\nuser situations and, consequently, HP will not be responsible for any damages\r\nresulting from user's use or disregard of the information provided in this Bulletin.\r\nTo the extent permitted by law, HP disclaims all warranties, either express or\r\nimplied, including the warranties of merchantability and fitness for a particular\r\npurpose, title and non-infringement."\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or\r\nomissions contained herein. The information provided is provided "as is" without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates,\r\nsubcontractors or suppliers will be liable for incidental,special or consequential\r\ndamages including downtime cost; lost profits;damages relating to the procurement of\r\nsubstitute products or services; or damages for loss of data, or software\r\nrestoration. The information in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced herein\r\nare trademarks of Hewlett-Packard Company in the United States and other countries.\r\nOther product and company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk2t3CsACgkQ4B86/C0qfVnGsACfUBtF4ovPqqT+9fmlstfGZOEg\r\nYs0AoM8ROq3gELhOLCPEYCca+qCkf+pn\r\n=x5Sc\r\n-----END PGP SIGNATURE-----", "modified": "2011-04-21T00:00:00", "published": "2011-04-21T00:00:00", "id": "SECURITYVULNS:DOC:26202", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26202", "title": "[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "description": "Crossite scripting, crossite request forgery, DoS.", "modified": "2011-04-21T00:00:00", "published": "2011-04-21T00:00:00", "id": "SECURITYVULNS:VULN:11619", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11619", "title": "HP Systems Insight Manager multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "description": "Security update available for Adobe Flash Player\r\n\r\nRelease date: August 10, 2010\r\n\r\nVulnerability identifier: APSB10-16\r\n\r\nCVE number: CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3.\r\nAffected software versions\r\n\r\n * Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris\r\n * Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux\r\n\r\nAdobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\n\r\nTo verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.\r\nSolution\r\n\r\nAdobe Flash Player\r\nAdobe recommends all users of Adobe Flash Player 10.1.53.64 and earlier versions upgrade to the newest version 10.1.82.76 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted.\r\n\r\nFor users who cannot update to Flash Player 10.1.82.76, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.280, which can be downloaded from here.\r\n\r\nAdobe AIR\r\nAdobe recommends all users of Adobe AIR 2.0.2.12610 and earlier versions update to the newest version 2.0.3 by downloading it from the Adobe AIR Download Center.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0209).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2188).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2010-2213).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2214).\r\n\r\nThis update resolves a vulnerability that could lead to a click-jacking attack. (CVE-2010-2215).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2216).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.1.53.64 and earlier\r\n\t\r\n\r\n10.1.82.76\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.1.53.64 and earlier - network distribution\r\n\t\r\n\r\n10.1.82.76\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nAIR 2.0.2.12610\r\n\t\r\n\r\nAIR 2.0.3\r\n\t\r\n\r\nAIR Download Center\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.82.76\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.280\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Will Dormann of CERT (CVE-2010-0209, CVE-2010-2213, CVE-2010-2216)\r\n * Damian Put through TippingPoint's Zero Day Initiative (CVE-2010-2188)\r\n * Lenovo Security Technologies (Beijing), Inc. (CVE-2010-2214)\r\n * Jöran Benker (CVE-2010-2215)\r\n", "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "SECURITYVULNS:DOC:24466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24466", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "description": "Multiple memory corruptions.", "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "SECURITYVULNS:VULN:11059", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11059", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-09-05T11:22:25", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "modified": "2017-09-04T00:00:00", "published": "2011-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802144", "id": "OPENVAS:802144", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"AFP Server\n Apache mod_perl\n Apache\n AppKit\n ATS\n CFNetwork\n CoreGraphics\n CoreText\n CUPS\n Flash Player plug-in\n gzip\n Image Capture\n ImageIO\n Image RAW\n MySQL\n neon\n OpenLDAP\n OpenSSL\n Password Server\n PHP\n python\n Apple iWork\n Apple Safari\n Apple iTunes\n QuickLook\n QuickTime\n Wiki Server\n xar\n X11\n Time Machine\n WebKit Open Source\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2010-007\n For updates refer to http://support.apple.com/kb/HT4435\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\";\n\nif(description)\n{\n script_id(802144);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4435\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1024723\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X\nif(\"Mac OS X\" >< osName && \"Server\" >!< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\"))\n {\n ## Check for the security update 2010.007\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Check for the Mac OS X Server\nif(\"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\"))\n {\n ## Check for the security update 2010.007\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:09:51", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67656", "id": "OPENVAS:67656", "title": "FreeBSD Ports: linux-flashplugin", "type": "openvas", "sourceData": "#\n#VID 144e524a-77eb-11df-ae06-001b2134ef46\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 144e524a-77eb-11df-ae06-001b2134ef46\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-flashplugin\n linux-f8-flashplugin\n linux-f10-flashplugin\n\nFor details on the issues addressed in this update, please visit\nthe referenced seucrity advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb10-14.html\nhttp://www.vuxml.org/freebsd/144e524a-77eb-11df-ae06-001b2134ef46.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67656);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r277\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f8-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r53\")<0) {\n txt += 'Package linux-f8-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r53\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:54:45", "bulletinFamily": "scanner", "description": "Check for the Version of flash-player", "modified": "2018-01-24T00:00:00", "published": "2010-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850133", "id": "OPENVAS:1361412562310850133", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2010:024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for flash-player SUSE-SA:2010:024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Flash Player was updated to fix multiple critical security\n vulnerabilities which allow an attacker to remotely execute arbitrary\n code or to cause a denial of service.\n\n The Flash Plugin was upgraded to version 10.1.53.64.\n\n The following CVE numbers have been assigned:\n CVE-2010-2160,\n CVE-2010-2164,\n CVE-2010-2169,\n CVE-2010-2173,\n CVE-2010-2177,\n CVE-2010-2181,\n CVE-2010-2185,\n CVE-2010-2189\n\n The standalone flash player was not yet updated by Adobe and will be\n fixed in a future update.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850133\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-024\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"SuSE Update for flash-player SUSE-SA:2010:024\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-14T10:49:16", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2017-06-29T00:00:00", "published": "2010-06-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902194", "id": "OPENVAS:902194", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_jun10_lin.nasl 6476 2017-06-29 07:32:00Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to obtain sensitive\n information or cause a denial of service.\n Impact Level: Application/System.\";\ntag_affected = \"Adobe AIR version prior to 2.0.2.12610,\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Linux.\";\ntag_insight = \"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\";\ntag_solution = \"Update to Adobe Air2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2,\n http://get.adobe.com/air\n http://www.adobe.com/support/flashplayer/downloads.html\";\ntag_summary = \"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902194);\n script_version(\"$Revision: 6476 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 09:32:00 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\",\n \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\",\n \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\",\n \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\",\n \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPOd\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(playerVer != NULL)\n{\n # Grep for version 10.x < 10.0.45.2, less than 9.0.277.0\n if(version_is_less(version:playerVer, test_version:\"9.0.277.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\", test_version2:\"10.0.45.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Check for Adobe Air\nairVer = get_kb_item(\"Adobe/Air/Linux/Ver\");\nif(airVer != NULL)\n{\n # Grep for version < 2.0.2.12610\n if(version_is_less(version:airVer, test_version:\"2.0.2.12610\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:01", "bulletinFamily": "scanner", "description": "Check for the Version of flash-player", "modified": "2017-12-25T00:00:00", "published": "2010-06-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850133", "id": "OPENVAS:850133", "title": "SuSE Update for flash-player SUSE-SA:2010:024", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for flash-player SUSE-SA:2010:024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Flash Player was updated to fix multiple critical security\n vulnerabilities which allow an attacker to remotely execute arbitrary\n code or to cause a denial of service.\n\n The Flash Plugin was upgraded to version 10.1.53.64.\n\n The following CVE numbers have been assigned:\n CVE-2010-2160,\n CVE-2010-2164,\n CVE-2010-2169,\n CVE-2010-2173,\n CVE-2010-2177,\n CVE-2010-2181,\n CVE-2010-2185,\n CVE-2010-2189\n\n The standalone flash player was not yet updated by Adobe and will be\n fixed in a future update.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_id(850133);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-024\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"SuSE Update for flash-player SUSE-SA:2010:024\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:08", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2019-01-24T00:00:00", "published": "2010-06-22T00:00:00", "id": "OPENVAS:1361412562310902194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902194", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_jun10_lin.nasl 13267 2019-01-24 12:56:48Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902194\");\n script_version(\"$Revision: 13267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-24 13:56:48 +0100 (Thu, 24 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\",\n \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\",\n \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\",\n \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\",\n \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to obtain sensitive\n information or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 2.0.2.12610,\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Air 2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n if(version_is_less(version:playerVer, test_version:\"9.0.277.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\", test_version2:\"10.0.45.1\"))\n {\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"9.0.277.0/10.0.45.2\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n if(version_is_less(version:airVer, test_version:\"2.0.2.12610\")){\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"2.0.2.12610\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-19T15:04:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-18T00:00:00", "published": "2010-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067656", "id": "OPENVAS:136141256231067656", "title": "FreeBSD Ports: linux-flashplugin", "type": "openvas", "sourceData": "#\n#VID 144e524a-77eb-11df-ae06-001b2134ef46\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 144e524a-77eb-11df-ae06-001b2134ef46\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-flashplugin\n linux-f8-flashplugin\n linux-f10-flashplugin\n\nFor details on the issues addressed in this update, please visit\nthe referenced seucrity advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb10-14.html\nhttp://www.vuxml.org/freebsd/144e524a-77eb-11df-ae06-001b2134ef46.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67656\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r277\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f8-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r53\")<0) {\n txt += 'Package linux-f8-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r53\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:08", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2019-01-24T00:00:00", "published": "2010-06-22T00:00:00", "id": "OPENVAS:1361412562310902200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902200", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_jun10_win.nasl 13267 2019-01-24 12:56:48Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902200\");\n script_version(\"$Revision: 13267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-24 13:56:48 +0100 (Thu, 24 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2173\", \"CVE-2010-2174\",\n \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\",\n \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\",\n \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\",\n \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to obtain sensitive\n information or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 2.0.2.12610,\n\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Air 2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n if(version_is_less(version:playerVer, test_version:\"9.0.277.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\", test_version2:\"10.0.45.1\"))\n {\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"9.0.277.0/10.0.45.2\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n if(version_is_less(version:airVer, test_version:\"2.0.2.12610\")){\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"2.0.2.12610\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:54:33", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2017-12-21T00:00:00", "published": "2010-06-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902200", "id": "OPENVAS:902200", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_jun10_win.nasl 8210 2017-12-21 10:26:31Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to obtain sensitive\n information or cause a denial of service.\n\n Impact Level: Application/System.\";\ntag_affected = \"Adobe AIR version prior to 2.0.2.12610,\n\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on windows.\";\n\ntag_insight = \"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\";\n\ntag_solution = \"Update to Adobe Air2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2,\n http://get.adobe.com/air\n http://www.adobe.com/support/flashplayer/downloads.html\";\n\ntag_summary = \"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902200);\n script_version(\"$Revision: 8210 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 11:26:31 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2173\", \"CVE-2010-2174\",\n \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\",\n \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\",\n \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\",\n \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPOd\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n # Grep for version 10.x < 10.0.45.2, less than 9.0.277.0\n if(version_is_less(version:playerVer, test_version:\"9.0.277.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\", test_version2:\"10.0.45.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n # Grep for version < 2.0.2.12610\n if(version_is_less(version:airVer, test_version:\"2.0.2.12610\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-12-25T00:00:00", "published": "2010-08-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067863", "id": "OPENVAS:136141256231067863", "type": "openvas", "title": "FreeBSD Ports: linux-flashplugin", "sourceData": "#\n#VID e19e74a4-a712-11df-b234-001b2134ef46\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e19e74a4-a712-11df-b234-001b2134ef46\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-flashplugin\n linux-f8-flashplugin\n linux-f10-flashplugin\n\nCVE-2010-0209\nAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and\nAdobe AIR before 2.0.3, allows attackers to execute arbitrary code or\ncause a denial of service (memory corruption) via unspecified vectors,\na different vulnerability than CVE-2010-2213, CVE-2010-2214, and\nCVE-2010-2216.\nCVE-2010-2188\nAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and\nAdobe AIR before 2.0.2.12610, allows attackers to cause a denial of\nservice (memory corruption) or possibly execute arbitrary code by\ncalling the ActionScript native object 2200 connect method multiple\ntimes with different arguments, a different vulnerability than\nCVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171,\nCVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178,\nCVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.\nCVE-2010-2213\nAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and\nAdobe AIR before 2.0.3, allows attackers to execute arbitrary code or\ncause a denial of service (memory corruption) via unspecified vectors,\na different vulnerability than CVE-2010-0209, CVE-2010-2214, and\nCVE-2010-2216.\nCVE-2010-2214\nAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and\nAdobe AIR before 2.0.3, allows attackers to execute arbitrary code or\ncause a denial of service (memory corruption) via unspecified vectors,\na different vulnerability than CVE-2010-0209, CVE-2010-2213, and\nCVE-2010-2216.\nCVE-2010-2215\nAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and\nAdobe AIR before 2.0.3, allows attackers to trick a user into (1)\nselecting a link or (2) completing a dialog, related to a\n'click-jacking' issue.\nCVE-2010-2216\nAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and\nAdobe AIR before 2.0.3, allows attackers to execute arbitrary code or\ncause a denial of service (memory corruption) via unspecified vectors,\na different vulnerability than CVE-2010-0209, CVE-2010-2213, and\nCVE-2010-2214.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb10-16.html\nhttp://www.vuxml.org/freebsd/e19e74a4-a712-11df-b234-001b2134ef46.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67863\");\n script_version(\"$Revision: 8244 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0209\", \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r280\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f8-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r82\")<0) {\n txt += 'Package linux-f8-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r82\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to fix multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2010-06-11T17:44:20", "published": "2010-06-11T17:44:20", "id": "SUSE-SA:2010:024", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:55", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2010-11-05T13:12:10", "published": "2010-11-05T13:12:10", "id": "SUSE-SA:2010:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html", "title": "remote code execution in flash-player", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:41", "bulletinFamily": "unix", "description": "Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors (CWE-119) Allowed attackers to cause a memory corruption or possibly even execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments. - CVE-2010-2213: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2214: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE2010-2215: CVSS v2 Base Score: 4.3: Other (CWE-Other) Allowed an attack related to so called \"click-jacking\". - CVE-2010-2216: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown.\n#### Solution\nPlease install the security update. There is no work-around known.", "modified": "2010-08-13T16:04:27", "published": "2010-08-13T16:04:27", "id": "SUSE-SA:2010:034", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00002.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in Adobe\n\t Flash Player version 10.0.45.2 and earlier. These\n\t vulnerabilities could cause the application to crash and\n\t could potentially allow an attacker to take control of the\n\t affected system.\n\n", "modified": "2008-10-02T00:00:00", "published": "2008-10-02T00:00:00", "id": "144E524A-77EB-11DF-AE06-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/144e524a-77eb-11df-ae06-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "unix", "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in\n\t Adobe Flash Player 10.1.85.3 and earlier versions for\n\t Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player\n\t 10.1.95.1 for Android. These vulnerabilities, including\n\t CVE-2010-3654 referenced in Security Advisory APSA10-05,\n\t could cause the application to crash and could potentially\n\t allow an attacker to take control of the affected system.\n\n", "modified": "2010-09-28T00:00:00", "published": "2010-09-28T00:00:00", "id": "76B597E4-E9C6-11DF-9E10-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in Adobe\n\t Flash Player version 10.1.53.64 and earlier. These\n\t vulnerabilities could cause the application to crash and\n\t could potentially allow an attacker to take control of the\n\t affected system.\n\n", "modified": "2010-01-06T00:00:00", "published": "2010-01-06T00:00:00", "id": "E19E74A4-A712-11DF-B234-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/e19e74a4-a712-11df-b234-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-05-29T14:34:17", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,\nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,\nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially-crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.53.64.\n", "modified": "2017-07-27T07:33:10", "published": "2010-06-11T04:00:00", "id": "RHSA-2010:0464", "href": "https://access.redhat.com/errata/RHSA-2010:0464", "type": "redhat", "title": "(RHSA-2010:0464) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:20", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-14,\nlisted in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, \nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, \nCVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, \nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, \nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, \nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.\n", "modified": "2017-07-27T23:10:20", "published": "2010-06-14T04:00:00", "id": "RHSA-2010:0470", "href": "https://access.redhat.com/errata/RHSA-2010:0470", "type": "redhat", "title": "(RHSA-2010:0470) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:09", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.289.0.\n", "modified": "2017-07-22T04:32:45", "published": "2010-11-08T05:00:00", "id": "RHSA-2010:0834", "href": "https://access.redhat.com/errata/RHSA-2010:0834", "type": "redhat", "title": "(RHSA-2010:0834) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:22", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with Flash\nPlayer on certain sites, such as fullscreen playback on YouTube. Despite\nthese regressions, we feel these security flaws are serious enough to\nupdate the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.102.64.\n", "modified": "2018-06-07T09:04:34", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0867", "href": "https://access.redhat.com/errata/RHSA-2010:0867", "type": "redhat", "title": "(RHSA-2010:0867) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:44", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with Flash\nPlayer on certain sites, such as fullscreen playback on YouTube. Despite\nthese regressions, we feel these security flaws are serious enough to\nupdate the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.102.64.\n", "modified": "2017-07-27T07:20:44", "published": "2010-11-05T04:00:00", "id": "RHSA-2010:0829", "href": "https://access.redhat.com/errata/RHSA-2010:0829", "type": "redhat", "title": "(RHSA-2010:0829) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:33:52", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-16, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-0209,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2216)\n\nA clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF\nfile could trick a user into unintentionally or mistakenly clicking a link\nor a dialog. (CVE-2010-2215)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.82.76.\n", "modified": "2017-07-27T06:54:45", "published": "2010-08-11T04:00:00", "id": "RHSA-2010:0623", "href": "https://access.redhat.com/errata/RHSA-2010:0623", "type": "redhat", "title": "(RHSA-2010:0623) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:39", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-16, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-0209,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2216)\n\nA clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF\nfile could trick a user into unintentionally or mistakenly clicking a link\nor a dialog. (CVE-2010-2215)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.280.0.\n", "modified": "2017-07-27T22:16:01", "published": "2010-08-11T04:00:00", "id": "RHSA-2010:0624", "href": "https://access.redhat.com/errata/RHSA-2010:0624", "type": "redhat", "title": "(RHSA-2010:0624) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:31", "bulletinFamily": "unix", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities were discovered in Adobe Flash Player. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest stable version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-10.1.102.64\"", "modified": "2011-01-21T00:00:00", "published": "2011-01-21T00:00:00", "id": "GLSA-201101-09", "href": "https://security.gentoo.org/glsa/201101-09", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
