FreeBSD Ports: linux-f10-flashplugin

FreeBSD Ports linux-f10-flashplugin vulnerability due to buffer overflow in Adobe Flash Player before 11.x on various platforms allowing arbitrary code executio

Reporter	Title	Published	Views	Family All 91
FreeBSD	linux-flashplugin -- multiple vulnerabilities	8 Oct 201200:00	–	freebsd
Tenable Nessus	Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)	11 Dec 201200:00	–	nessus
Tenable Nessus	Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)	11 Dec 201200:00	–	nessus
Tenable Nessus	Adobe AIR 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24)	7 Nov 201200:00	–	nessus
Tenable Nessus	Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)	7 Nov 201200:00	–	nessus
Tenable Nessus	FreeBSD : linux-flashplugin -- multiple vulnerabilities (4b8b748e-2a24-11e2-bb44-003067b2972c)	9 Nov 201200:00	–	nessus
Tenable Nessus	GLSA-201309-06 : Adobe Flash Player: Multiple vulnerabilities	14 Sep 201300:00	–	nessus
Tenable Nessus	Adobe AIR for Mac 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24)	7 Nov 201200:00	–	nessus
Tenable Nessus	Flash Player for Mac <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)	7 Nov 201200:00	–	nessus
Tenable Nessus	openSUSE Security Update : flash-player (openSUSE-SU-2013:0367-1)	13 Jun 201400:00	–	nessus

#
#VID 4b8b748e-2a24-11e2-bb44-003067b2972c
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID 4b8b748e-2a24-11e2-bb44-003067b2972c
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "The following package is affected: linux-f10-flashplugin

CVE-2012-5274
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and
CVE-2012-5280.
CVE-2012-5275
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and
CVE-2012-5280.
CVE-2012-5276
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and
CVE-2012-5280.
CVE-2012-5277
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and
CVE-2012-5280.
CVE-2012-5278
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on
Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251
on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before
11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR
SDK before 3.5.0.600 allow attackers to bypass intended access
restrictions and execute arbitrary code via unspecified vectors.
CVE-2012-5279
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on
Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251
on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before
11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR
SDK before 3.5.0.600 allow attackers to execute arbitrary code or
cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-5280
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and
CVE-2012-5277.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.

https://www.adobe.com/support/security/bulletins/apsb12-24.html
http://www.vuxml.org/freebsd/4b8b748e-2a24-11e2-bb44-003067b2972c.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";



if(description)
{
 script_id(72608);
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_cve_id("CVE-2012-5274", "CVE-2012-5275", "CVE-2012-5276", "CVE-2012-5277", "CVE-2012-5278", "CVE-2012-5279", "CVE-2012-5280");
 script_version("$Revision: 5956 $");
 script_tag(name:"last_modification", value:"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $");
 script_tag(name:"creation_date", value:"2012-11-26 12:47:33 -0500 (Mon, 26 Nov 2012)");
 script_name("FreeBSD Ports: linux-f10-flashplugin");


 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
 script_family("FreeBSD Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-bsd.inc");
vuln = 0;
txt = "";
bver = portver(pkg:"linux-f10-flashplugin");
if(!isnull(bver) && revcomp(a:bver, b:"11.2r202.243")<=0) {
    txt += "Package linux-f10-flashplugin version " + bver + " is installed which is known to be vulnerable.\n";
    vuln = 1;
}

if(vuln) {
    security_message(data:string(txt ));
} else if (__pkg_match) {
    exit(99);
}

14 Apr 2017 00:00Current

0.7Low risk

Vulners AI Score0.7

EPSS0.08668