Test ID:	1.3.6.1.4.1.25623.1.0.60821
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200804-21 (netscape-flash)
Summary:	The remote host is missing updates announced in;advisory GLSA 200804-21.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200804-21. Vulnerability Insight: Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file. Solution: All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-www/netscape-flash-9.0.124.0' CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0071 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 28695 http://www.securityfocus.com/bid/28695 BugTraq ID: 29386 http://www.securityfocus.com/bid/29386 Cert/CC Advisory: TA08-100A http://www.us-cert.gov/cas/techalerts/TA08-100A.html Cert/CC Advisory: TA08-149A http://www.us-cert.gov/cas/techalerts/TA08-149A.html Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html CERT/CC vulnerability note: VU#159523 http://www.kb.cert.org/vuls/id/159523 CERT/CC vulnerability note: VU#395473 http://www.kb.cert.org/vuls/id/395473 http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml ISS Security Advisory: 20080408 Adobe Flash Player Invalid Pointer Vulnerability http://www.iss.net/threats/289.html http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf http://isc.sans.org/diary.html?storyid=4465 http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ http://www.zerodayinitiative.com/advisories/ZDI-08-032/ http://www.osvdb.org/44282 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379 http://www.redhat.com/support/errata/RHSA-2008-0221.html http://www.securitytracker.com/id?1019811 http://www.securitytracker.com/id?1020114 http://secunia.com/advisories/29763 http://secunia.com/advisories/29865 http://secunia.com/advisories/30404 http://secunia.com/advisories/30430 http://secunia.com/advisories/30507 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1 SuSE Security Announcement: SUSE-SA:2008:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html http://www.vupen.com/english/advisories/2008/1662/references http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/1724/references XForce ISS Database: multimedia-file-integer-overflow(37277) https://exchange.xforce.ibmcloud.com/vulnerabilities/37277 Common Vulnerability Exposure (CVE) ID: CVE-2007-5275 BugTraq ID: 26930 http://www.securityfocus.com/bid/26930 Cert/CC Advisory: TA07-355A http://www.us-cert.gov/cas/techalerts/TA07-355A.html http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml http://crypto.stanford.edu/dns/dns-rebinding.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250 http://www.redhat.com/support/errata/RHSA-2007-1126.html http://securitytracker.com/id?1019116 http://secunia.com/advisories/28157 http://secunia.com/advisories/28161 http://secunia.com/advisories/28213 http://secunia.com/advisories/28570 SuSE Security Announcement: SUSE-SA:2007:069 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html http://www.vupen.com/english/advisories/2007/4258 Common Vulnerability Exposure (CVE) ID: CVE-2007-6019 BugTraq ID: 28694 http://www.securityfocus.com/bid/28694 Bugtraq: 20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability (Google Search) http://www.securityfocus.com/archive/1/490623/100/0/threaded Bugtraq: 20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" HeapOverflow (Google Search) http://www.securityfocus.com/archive/1/490824/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160 http://www.securitytracker.com/id?1019810 http://securityreason.com/securityalert/3805 XForce ISS Database: adobe-flash-declarefunction2-bo(41717) https://exchange.xforce.ibmcloud.com/vulnerabilities/41717 Common Vulnerability Exposure (CVE) ID: CVE-2007-6243 BugTraq ID: 26929 http://www.securityfocus.com/bid/26929 BugTraq ID: 26966 http://www.securityfocus.com/bid/26966 CERT/CC vulnerability note: VU#935737 http://www.kb.cert.org/vuls/id/935737 http://jvn.jp/jp/JVN%2345675516/index.html http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069 http://www.redhat.com/support/errata/RHSA-2008-0945.html http://www.redhat.com/support/errata/RHSA-2008-0980.html http://secunia.com/advisories/32448 http://secunia.com/advisories/32702 http://secunia.com/advisories/32759 http://secunia.com/advisories/33390 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 SuSE Security Announcement: SUSE-SR:2008:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html XForce ISS Database: adobe-unspecified-security-bypass(39129) https://exchange.xforce.ibmcloud.com/vulnerabilities/39129 Common Vulnerability Exposure (CVE) ID: CVE-2007-6637 BugTraq ID: 27034 http://www.securityfocus.com/bid/27034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9828 http://securitytracker.com/id?1019141 Common Vulnerability Exposure (CVE) ID: CVE-2008-1654 BugTraq ID: 28696 http://www.securityfocus.com/bid/28696 Bugtraq: 20080113 Hacking The Interwebs (Google Search) http://seclists.org/bugtraq/2008/Jan/0182.html CERT/CC vulnerability note: VU#347812 http://www.kb.cert.org/vuls/id/347812 http://seclists.org/fulldisclosure/2008/Jan/0204.html http://www.gnucitizen.org/blog/hacking-the-interwebs/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435 http://www.securitytracker.com/id?1019807 XForce ISS Database: adobe-flash-navigatetourl-csrf(41718) https://exchange.xforce.ibmcloud.com/vulnerabilities/41718 Common Vulnerability Exposure (CVE) ID: CVE-2008-1655 BugTraq ID: 28697 http://www.securityfocus.com/bid/28697 http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns http://www.osvdb.org/44283 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724 http://www.securitytracker.com/id?1019808 XForce ISS Database: adobe-flash-dnsrebinding-security-bypass(41807) https://exchange.xforce.ibmcloud.com/vulnerabilities/41807
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.