Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60738
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0221
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0221.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Several input validation flaws were found in the way Flash Player displayed
certain content. These may have made it possible to execute arbitrary code
on a victim's machine, if the victim opened a malicious Adobe Flash file.
(CVE-2007-0071, CVE-2007-6019)

A flaw was found in the way Flash Player established TCP sessions to remote
hosts. A remote attacker could, consequently, use Flash Player to conduct a
DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)

A flaw was found in the way Flash Player restricted the interpretation and
usage of cross-domain policy files. A remote attacker could use Flash
Player to conduct cross-domain and cross-site scripting attacks.
(CVE-2007-6243, CVE-2008-1654)

A flaw was found in the way Flash Player interacted with web browsers. An
attacker could use malicious content presented by Flash Player to conduct a
cross-site scripting attack. (CVE-2007-6637)

All users of Adobe Flash Player should upgrade to this updated package,
which contains Flash Player version 9.0.124.0 and resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0221.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5275
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
BugTraq ID: 26930
http://www.securityfocus.com/bid/26930
Cert/CC Advisory: TA07-355A
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
Cert/CC Advisory: TA08-100A
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
http://crypto.stanford.edu/dns/dns-rebinding.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.redhat.com/support/errata/RHSA-2008-0221.html
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/29763
http://secunia.com/advisories/29865
http://secunia.com/advisories/30430
http://secunia.com/advisories/30507
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
SuSE Security Announcement: SUSE-SA:2007:069 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1697
http://www.vupen.com/english/advisories/2008/1724/references
Common Vulnerability Exposure (CVE) ID: CVE-2007-6243
BugTraq ID: 26929
http://www.securityfocus.com/bid/26929
BugTraq ID: 26966
http://www.securityfocus.com/bid/26966
CERT/CC vulnerability note: VU#935737
http://www.kb.cert.org/vuls/id/935737
http://jvn.jp/jp/JVN%2345675516/index.html
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
XForce ISS Database: adobe-unspecified-security-bypass(39129)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39129
Common Vulnerability Exposure (CVE) ID: CVE-2007-6637
BugTraq ID: 27034
http://www.securityfocus.com/bid/27034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9828
http://securitytracker.com/id?1019141
Common Vulnerability Exposure (CVE) ID: CVE-2007-6019
BugTraq ID: 28694
http://www.securityfocus.com/bid/28694
Bugtraq: 20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/490623/100/0/threaded
Bugtraq: 20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" HeapOverflow (Google Search)
http://www.securityfocus.com/archive/1/490824/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160
http://www.securitytracker.com/id?1019810
http://securityreason.com/securityalert/3805
XForce ISS Database: adobe-flash-declarefunction2-bo(41717)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41717
Common Vulnerability Exposure (CVE) ID: CVE-2007-0071
BugTraq ID: 28695
http://www.securityfocus.com/bid/28695
BugTraq ID: 29386
http://www.securityfocus.com/bid/29386
Cert/CC Advisory: TA08-149A
http://www.us-cert.gov/cas/techalerts/TA08-149A.html
CERT/CC vulnerability note: VU#159523
http://www.kb.cert.org/vuls/id/159523
CERT/CC vulnerability note: VU#395473
http://www.kb.cert.org/vuls/id/395473
ISS Security Advisory: 20080408 Adobe Flash Player Invalid Pointer Vulnerability
http://www.iss.net/threats/289.html
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
http://isc.sans.org/diary.html?storyid=4465
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
http://www.zerodayinitiative.com/advisories/ZDI-08-032/
http://www.osvdb.org/44282
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
http://www.securitytracker.com/id?1019811
http://www.securitytracker.com/id?1020114
http://secunia.com/advisories/30404
http://www.vupen.com/english/advisories/2008/1662/references
XForce ISS Database: multimedia-file-integer-overflow(37277)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
Common Vulnerability Exposure (CVE) ID: CVE-2008-1655
BugTraq ID: 28697
http://www.securityfocus.com/bid/28697
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns
http://www.osvdb.org/44283
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724
http://www.securitytracker.com/id?1019808
XForce ISS Database: adobe-flash-dnsrebinding-security-bypass(41807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41807
Common Vulnerability Exposure (CVE) ID: CVE-2008-1654
BugTraq ID: 28696
http://www.securityfocus.com/bid/28696
Bugtraq: 20080113 Hacking The Interwebs (Google Search)
http://seclists.org/bugtraq/2008/Jan/0182.html
CERT/CC vulnerability note: VU#347812
http://www.kb.cert.org/vuls/id/347812
http://seclists.org/fulldisclosure/2008/Jan/0204.html
http://www.gnucitizen.org/blog/hacking-the-interwebs/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435
http://www.securitytracker.com/id?1019807
XForce ISS Database: adobe-flash-navigatetourl-csrf(41718)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41718
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.