ID de Prueba:	1.3.6.1.4.1.25623.1.0.64512
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1189
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1189.;;The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash;Player web browser plug-in.;;Multiple security flaws were found in the way Flash Player displayed;certain SWF content. An attacker could use these flaws to create a;specially-crafted SWF file that would cause flash-plugin to crash or,;possibly, execute arbitrary code when the victim loaded a page containing;the specially-crafted SWF content. (CVE-2009-1862, CVE-2009-1863,;CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1868, CVE-2009-1869);;A clickjacking flaw was discovered in Flash Player. A specially-crafted;SWF file could trick a user into unintentionally or mistakenly clicking a;link or a dialog. (CVE-2009-1867);;A flaw was found in the Flash Player local sandbox. A specially-crafted;SWF file could cause information disclosure when it was saved to the hard;drive. (CVE-2009-1870);;All users of Adobe Flash Player should install this updated package, which;upgrades Flash Player to version 9.0.246.0.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1189. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1868, CVE-2009-1869) A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. (CVE-2009-1867) A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. (CVE-2009-1870) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.246.0. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1862 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html BugTraq ID: 35759 http://www.securityfocus.com/bid/35759 CERT/CC vulnerability note: VU#259425 http://www.kb.cert.org/vuls/id/259425 http://security.gentoo.org/glsa/glsa-200908-04.xml http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html http://bugs.adobe.com/jira/browse/FP-1265 http://isc.sans.org/diary.html?storyid=6847 http://news.cnet.com/8301-27080_3-10293389-245.html http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99 http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 Common Vulnerability Exposure (CVE) ID: CVE-2009-1863 BugTraq ID: 35890 http://www.securityfocus.com/bid/35890 BugTraq ID: 35900 http://www.securityfocus.com/bid/35900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6961 http://www.securitytracker.com/id?1022629 http://www.vupen.com/english/advisories/2009/2086 XForce ISS Database: adobe-flash-air-code-execution(52179) https://exchange.xforce.ibmcloud.com/vulnerabilities/52179 Common Vulnerability Exposure (CVE) ID: CVE-2009-1864 BugTraq ID: 35904 http://www.securityfocus.com/bid/35904 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16133 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6660 XForce ISS Database: flash-air-unspecified-bo(52184) https://exchange.xforce.ibmcloud.com/vulnerabilities/52184 Common Vulnerability Exposure (CVE) ID: CVE-2009-1865 BugTraq ID: 35906 http://www.securityfocus.com/bid/35906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011 XForce ISS Database: flash-air-code-execution-var1(52182) https://exchange.xforce.ibmcloud.com/vulnerabilities/52182 Common Vulnerability Exposure (CVE) ID: CVE-2009-1866 BugTraq ID: 35901 http://www.securityfocus.com/bid/35901 http://osvdb.org/56774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7271 XForce ISS Database: flash-air-unspecified-bo-var2(52186) https://exchange.xforce.ibmcloud.com/vulnerabilities/52186 Common Vulnerability Exposure (CVE) ID: CVE-2009-1867 BugTraq ID: 35905 http://www.securityfocus.com/bid/35905 http://osvdb.org/56775 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694 XForce ISS Database: flash-air-unspecified-clickjacking(52183) https://exchange.xforce.ibmcloud.com/vulnerabilities/52183 Common Vulnerability Exposure (CVE) ID: CVE-2009-1868 BugTraq ID: 35902 http://www.securityfocus.com/bid/35902 http://osvdb.org/56776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6865 XForce ISS Database: flash-air-unspecified-bo-var1(52185) https://exchange.xforce.ibmcloud.com/vulnerabilities/52185 Common Vulnerability Exposure (CVE) ID: CVE-2009-1869 BugTraq ID: 35907 http://www.securityfocus.com/bid/35907 Bugtraq: 20090802 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) (Google Search) http://www.securityfocus.com/archive/1/505467/100/0/threaded http://roeehay.blogspot.com/2009/08/advisory-adobe-flash-player-avm2.html http://roeehay.blogspot.com/2009/08/exploitation-of-cve-2009-1869.html http://osvdb.org/56777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6998 XForce ISS Database: flash-air-code-execution(52181) https://exchange.xforce.ibmcloud.com/vulnerabilities/52181 Common Vulnerability Exposure (CVE) ID: CVE-2009-1870 BugTraq ID: 35908 http://www.securityfocus.com/bid/35908 http://osvdb.org/56778 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648 XForce ISS Database: flash-air-sandbox-info-disclosure(52180) https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.