Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60027
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:1126
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:1126.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Several input validation flaws were found in the way Flash Player displays
certain content. It may be possible to execute arbitrary code on a victim's
machine, if the victim opens a malicious Adobe Flash file.
(CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)

A flaw was found in the way Flash Player handled the asfunction: protocol.
Malformed SWF files could perform a cross-site scripting attack.
(CVE-2007-6244)

A flaw was found in the way Flash Player modified HTTP request headers.
Malicious content could allow Flash Player to conduct a HTTP response
splitting attack. (CVE-2007-6245)

A flaw was found in the way Flash Player processes certain SWF content. A
malicious SWF file could allow a remote attacker to conduct a port scanning
attack from the client's machine. (CVE-2007-4324)

A flaw was found in the way Flash Player establishes TCP sessions. A remote
attacker could use Flash Player to conduct a DNS rebinding attack.
(CVE-2007-5275)

Users of Adobe Flash Player are advised to upgrade to this updated package,
which contains version 9.0.115.0 and resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1126.html
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5275
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 26930
http://www.securityfocus.com/bid/26930
Cert/CC Advisory: TA07-355A
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
Cert/CC Advisory: TA08-100A
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
http://crypto.stanford.edu/dns/dns-rebinding.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.redhat.com/support/errata/RHSA-2008-0221.html
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/29763
http://secunia.com/advisories/29865
http://secunia.com/advisories/30430
http://secunia.com/advisories/30507
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
SuSE Security Announcement: SUSE-SA:2007:069 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1697
http://www.vupen.com/english/advisories/2008/1724/references
Common Vulnerability Exposure (CVE) ID: CVE-2007-4324
BugTraq ID: 25260
http://www.securityfocus.com/bid/25260
Bugtraq: 20070809 Design flaw in AS3 socket handling allows port probing (Google Search)
http://www.securityfocus.com/archive/1/475961/100/0/threaded
http://scan.flashsec.org/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11874
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://secunia.com/advisories/32270
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://securityreason.com/securityalert/2995
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.vupen.com/english/advisories/2008/2838
Common Vulnerability Exposure (CVE) ID: CVE-2007-4768
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26346
http://www.securityfocus.com/bid/26346
Bugtraq: 20071106 rPSA-2007-0231-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/483357/100/0/threaded
Bugtraq: 20071112 FLEA-2007-0064-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/483579/100/0/threaded
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Debian Security Information: DSA-1399 (Google Search)
http://www.debian.org/security/2007/dsa-1399
Debian Security Information: DSA-1570 (Google Search)
http://www.debian.org/security/2008/dsa-1570
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
http://secunia.com/advisories/27538
http://secunia.com/advisories/27543
http://secunia.com/advisories/27554
http://secunia.com/advisories/27697
http://secunia.com/advisories/27741
http://secunia.com/advisories/28136
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/29267
http://secunia.com/advisories/29420
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
http://secunia.com/advisories/30840
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
https://usn.ubuntu.com/547-1/
http://www.vupen.com/english/advisories/2007/3725
http://www.vupen.com/english/advisories/2007/3790
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1966/references
XForce ISS Database: pcre-class-unicode-bo(38278)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
Common Vulnerability Exposure (CVE) ID: CVE-2007-6242
BugTraq ID: 26951
http://www.securityfocus.com/bid/26951
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9188
XForce ISS Database: adobe-swf-code-execution(39128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39128
Common Vulnerability Exposure (CVE) ID: CVE-2007-6244
BugTraq ID: 26929
http://www.securityfocus.com/bid/26929
BugTraq ID: 26949
http://www.securityfocus.com/bid/26949
BugTraq ID: 26960
http://www.securityfocus.com/bid/26960
CERT/CC vulnerability note: VU#758769
http://www.kb.cert.org/vuls/id/758769
http://crypto.stanford.edu/advisories/CVE-2007-6244/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10210
XForce ISS Database: adobe-asfunction-protocol-xss(39130)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39130
XForce ISS Database: adobe-navigatetourl-xss(39131)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39131
Common Vulnerability Exposure (CVE) ID: CVE-2007-6245
BugTraq ID: 26969
http://www.securityfocus.com/bid/26969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9546
XForce ISS Database: adobe-unspecified-response-splitting(39134)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39134
Common Vulnerability Exposure (CVE) ID: CVE-2007-6246
BugTraq ID: 26965
http://www.securityfocus.com/bid/26965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10519
XForce ISS Database: adobe-memory-privilege-escalation(39136)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39136
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.