ID de Prueba:	1.3.6.1.4.1.25623.1.0.60027
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:1126
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:1126. The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Several input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim's machine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246) A flaw was found in the way Flash Player handled the asfunction: protocol. Malformed SWF files could perform a cross-site scripting attack. (CVE-2007-6244) A flaw was found in the way Flash Player modified HTTP request headers. Malicious content could allow Flash Player to conduct a HTTP response splitting attack. (CVE-2007-6245) A flaw was found in the way Flash Player processes certain SWF content. A malicious SWF file could allow a remote attacker to conduct a port scanning attack from the client's machine. (CVE-2007-4324) A flaw was found in the way Flash Player establishes TCP sessions. A remote attacker could use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275) Users of Adobe Flash Player are advised to upgrade to this updated package, which contains version 9.0.115.0 and resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1126.html http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.redhat.com/security/updates/classification/#critical Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5275 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 26930 http://www.securityfocus.com/bid/26930 Cert/CC Advisory: TA07-355A http://www.us-cert.gov/cas/techalerts/TA07-355A.html Cert/CC Advisory: TA08-100A http://www.us-cert.gov/cas/techalerts/TA08-100A.html Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml http://crypto.stanford.edu/dns/dns-rebinding.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250 http://www.redhat.com/support/errata/RHSA-2007-1126.html http://www.redhat.com/support/errata/RHSA-2008-0221.html http://securitytracker.com/id?1019116 http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 http://secunia.com/advisories/29763 http://secunia.com/advisories/29865 http://secunia.com/advisories/30430 http://secunia.com/advisories/30507 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 SuSE Security Announcement: SUSE-SA:2007:069 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html SuSE Security Announcement: SUSE-SA:2008:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html http://www.vupen.com/english/advisories/2007/4258 http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/1724/references Common Vulnerability Exposure (CVE) ID: CVE-2007-4324 BugTraq ID: 25260 http://www.securityfocus.com/bid/25260 Bugtraq: 20070809 Design flaw in AS3 socket handling allows port probing (Google Search) http://www.securityfocus.com/archive/1/475961/100/0/threaded http://scan.flashsec.org/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874 http://www.redhat.com/support/errata/RHSA-2008-0945.html http://www.redhat.com/support/errata/RHSA-2008-0980.html http://secunia.com/advisories/32270 http://secunia.com/advisories/32448 http://secunia.com/advisories/32702 http://secunia.com/advisories/32759 http://secunia.com/advisories/33390 http://securityreason.com/securityalert/2995 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 SuSE Security Announcement: SUSE-SR:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://www.vupen.com/english/advisories/2008/2838 Common Vulnerability Exposure (CVE) ID: CVE-2007-4768 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 26346 http://www.securityfocus.com/bid/26346 Bugtraq: 20071106 rPSA-2007-0231-1 pcre (Google Search) http://www.securityfocus.com/archive/1/483357/100/0/threaded Bugtraq: 20071112 FLEA-2007-0064-1 pcre (Google Search) http://www.securityfocus.com/archive/1/483579/100/0/threaded Cert/CC Advisory: TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html Debian Security Information: DSA-1399 (Google Search) http://www.debian.org/security/2007/dsa-1399 Debian Security Information: DSA-1570 (Google Search) http://www.debian.org/security/2008/dsa-1570 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html http://security.gentoo.org/glsa/glsa-200711-30.xml http://security.gentoo.org/glsa/glsa-200801-02.xml http://security.gentoo.org/glsa/glsa-200801-18.xml http://security.gentoo.org/glsa/glsa-200801-19.xml http://security.gentoo.org/glsa/glsa-200805-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 http://bugs.gentoo.org/show_bug.cgi?id=198976 http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701 http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27554 http://secunia.com/advisories/27697 http://secunia.com/advisories/27741 http://secunia.com/advisories/28136 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/29267 http://secunia.com/advisories/29420 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 http://secunia.com/advisories/30219 http://secunia.com/advisories/30840 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 https://usn.ubuntu.com/547-1/ http://www.vupen.com/english/advisories/2007/3725 http://www.vupen.com/english/advisories/2007/3790 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1966/references XForce ISS Database: pcre-class-unicode-bo(38278) https://exchange.xforce.ibmcloud.com/vulnerabilities/38278 Common Vulnerability Exposure (CVE) ID: CVE-2007-6242 BugTraq ID: 26951 http://www.securityfocus.com/bid/26951 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9188 XForce ISS Database: adobe-swf-code-execution(39128) https://exchange.xforce.ibmcloud.com/vulnerabilities/39128 Common Vulnerability Exposure (CVE) ID: CVE-2007-6244 BugTraq ID: 26929 http://www.securityfocus.com/bid/26929 BugTraq ID: 26949 http://www.securityfocus.com/bid/26949 BugTraq ID: 26960 http://www.securityfocus.com/bid/26960 CERT/CC vulnerability note: VU#758769 http://www.kb.cert.org/vuls/id/758769 http://crypto.stanford.edu/advisories/CVE-2007-6244/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210 XForce ISS Database: adobe-asfunction-protocol-xss(39130) https://exchange.xforce.ibmcloud.com/vulnerabilities/39130 XForce ISS Database: adobe-navigatetourl-xss(39131) https://exchange.xforce.ibmcloud.com/vulnerabilities/39131 Common Vulnerability Exposure (CVE) ID: CVE-2007-6245 BugTraq ID: 26969 http://www.securityfocus.com/bid/26969 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9546 XForce ISS Database: adobe-unspecified-response-splitting(39134) https://exchange.xforce.ibmcloud.com/vulnerabilities/39134 Common Vulnerability Exposure (CVE) ID: CVE-2007-6246 BugTraq ID: 26965 http://www.securityfocus.com/bid/26965 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10519 XForce ISS Database: adobe-memory-privilege-escalation(39136) https://exchange.xforce.ibmcloud.com/vulnerabilities/39136
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.