Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623111020140382HistoryJan 28, 2022 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2014-0382)
2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
10
adobe flash player
critical security vulnerabilities
code execution
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.973
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2014.0382");
script_cve_id("CVE-2014-0547", "CVE-2014-0548", "CVE-2014-0549", "CVE-2014-0550", "CVE-2014-0551", "CVE-2014-0552", "CVE-2014-0553", "CVE-2014-0554", "CVE-2014-0555", "CVE-2014-0556", "CVE-2014-0557", "CVE-2014-0559");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:08+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:08 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Mageia: Security Advisory (MGASA-2014-0382)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA(3|4)");
script_xref(name:"Advisory-ID", value:"MGASA-2014-0382");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2014-0382.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=14096");
script_xref(name:"URL", value:"http://helpx.adobe.com/security/products/flash-player/apsb14-21.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2014-0382 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Adobe Flash Player 11.2.202.406 contains fixes to critical security
vulnerabilities found in earlier versions that could potentially allow an
attacker to take control of the affected system.
This update resolves memory leakage vulnerabilities that could be used to
bypass memory address randomization (CVE-2014-0557).
This update resolves a security bypass vulnerability (CVE-2014-0554).
This update resolves a use-after-free vulnerability that could lead to code
execution (CVE-2014-0553).
This update resolves memory corruption vulnerabilities that could lead to
code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551,
CVE-2014-0552, CVE-2014-0555).
This update resolves a vulnerability that could be used to bypass the same
origin policy (CVE-2014-0548).
This update resolves a heap buffer overflow vulnerability that could lead
to code execution (CVE-2014-0556, CVE-2014-0559).");
script_tag(name:"affected", value:"'flash-player-plugin' package(s) on Mageia 3, Mageia 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA3") {
if(!isnull(res = isrpmvuln(pkg:"flash-player-plugin", rpm:"flash-player-plugin~11.2.202.406~1.mga3.nonfree", rls:"MAGEIA3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"flash-player-plugin-kde", rpm:"flash-player-plugin-kde~11.2.202.406~1.mga3.nonfree", rls:"MAGEIA3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "MAGEIA4") {
if(!isnull(res = isrpmvuln(pkg:"flash-player-plugin", rpm:"flash-player-plugin~11.2.202.406~1.mga4.nonfree", rls:"MAGEIA4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"flash-player-plugin-kde", rpm:"flash-player-plugin-kde~11.2.202.406~1.mga4.nonfree", rls:"MAGEIA4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
redhat
redhat
(RHSA-2014:1173) Critical: flash-plugin security update
2014-09-10 00:00:00
nessus
nessus
Flash Player for Mac <= 14.0.0.179 Multiple Vulnerabilities (APSB14-21)
2014-09-10 00:00:00
Adobe AIR <= AIR 14.0.0.178 Multiple Vulnerabilities (APSB14-21)
2014-09-10 00:00:00
Flash Player < 15.0.0.152 Multiple Vulnerabilities (APSB14-21)
2014-09-10 00:00:00
suse
suse
update flash-player to 11.2.202.40 (important)
2014-09-16 01:04:20
flash-player to 11.2.202.40 (important)
2014-09-10 17:04:13
Security update for flash-player (important)
2014-09-13 01:04:17
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-09-22 12:31:24
openvas
openvas
Adobe AIR Multiple Vulnerabilities-01 (Sep 2014) - Mac OS X
2014-09-12 00:00:00
Gentoo Security Advisory GLSA 201409-05
2015-09-29 00:00:00
Adobe Flash Player Multiple Vulnerabilities-01 (Sep 2014) - Linux
2014-09-12 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-09-19 00:00:00
freebsd
freebsd
cvelist
cvelist
prion
prion
Memory corruption
2014-09-10 01:55:00
Memory corruption
2014-09-10 01:55:00
Memory corruption
2014-09-10 01:55:00
ubuntucve
ubuntucve
nvd
nvd
cve
cve
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0552)
2014-09-21 00:00:00
Adobe Flash Player Same Origin Policy Bypass (APSB14-21: CVE-2014-0548)
2015-05-11 00:00:00
canvas
canvas
Immunity Canvas: ADOBE_FLASH_COPYPIXELSTOBYTEARRAY
2014-09-10 01:55:00
packetstorm
packetstorm
Adobe Flash Player copyPixelsToByteArray Integer Overflow
2015-04-19 00:00:00
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
2014-09-30 00:00:00
zdt
zdt
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
2014-10-01 00:00:00
Adobe Flash Player copyPixelsToByteArray Integer Overflow Exploit
2015-04-19 00:00:00
metasploit
metasploit
Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
2015-04-15 19:08:16
googleprojectzero
googleprojectzero
Exploiting CVE-2014-0556 in Flash
2014-09-23 00:00:00
Significant Flash exploit mitigations are live in v18.0.0.209
2015-07-16 00:00:00
The poisoned NUL byte, 2014 edition
2014-08-25 00:00:00
exploitdb
exploitdb
Adobe Flash Player - copyPixelsToByteArray Integer Overflow (Metasploit)
2015-04-21 00:00:00
hackerone
hackerone
Internet Bug Bounty: Flash Local Sandbox Bypass
2014-09-09 20:51:19
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
2014-10-08 02:03:48
Internet Bug Bounty: Adobe Flash Player Out-of-Bound Access Vulnerability
2015-02-07 14:50:18
threatpost
threatpost
Microsoft Warns of Crowti Ransomware
2014-10-29 14:20:49
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
High
EPSS
0.973
Percentile
99.9%
Related for OPENVAS:13614125623111020140382