This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200804-21
(Adobe Flash Player: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Adobe Flash:
Secunia Research and Zero Day Initiative reported a boundary error
related to DeclareFunction2 Actionscript tags in SWF files
The ISS X-Force and the Zero Day Initiative reported an unspecified
input validation error that might lead to a buffer overflow
Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy
files are not checked before sending HTTP headers to another domain
(CVE-2008-1654) and that it does not sufficiently restrict the
interpretation and usage of cross-domain policy files (CVE-2007-6243).
The Stanford University and Ernst and Young's Advanced Security Center
reported that Flash does not pin DNS hostnames to a single IP
addresses, allowing for DNS rebinding attacks (CVE-2007-5275,
The Google Security Team and Minded Security Multiple reported multiple
cross-site scripting vulnerabilities when passing input to Flash
A remote attacker could entice a user to open a specially crafted file
(usually in a web browser), possibly leading to the execution of
arbitrary code with the privileges of the user running the Adobe Flash
Player. The attacker could also cause a user's machine to send HTTP
requests to other hosts, establish TCP sessions with arbitrary hosts,
bypass the security sandbox model, or conduct Cross-Site Scripting and
Cross-Site Request Forgery attacks.
There is no known workaround at this time.
See also :
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-18.104.22.168'
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 32014 (gentoo_GLSA-200804-21.nasl)
Bugtraq ID: 26930269662703428694286952869628697
CVE ID: CVE-2007-0071CVE-2007-5275CVE-2007-6019CVE-2007-6243CVE-2007-6637CVE-2008-1654CVE-2008-1655
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.