How to Buy
This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200908-04
(Adobe products: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in Adobe Flash Player:
lakehu of Tencent Security Center reported an unspecified
memory corruption vulnerability (CVE-2009-1862).
reported an unspecified vulnerability, related to 'privilege
An anonymous researcher through
iDefense reported an unspecified heap-based buffer overflow
Chen Chen of Venustech reported an
unspecified 'NULL pointer vulnerability' (CVE-2009-1865).
Chen of Venustech reported an unspecified stack-based buffer overflow
Joran Benker reported that Adobe Flash Player
facilitates 'clickjacking' attacks (CVE-2009-1867).
Jun Mao of
iDefense reported a heap-based buffer overflow, related to URL parsing
Roee Hay of IBM Rational Application Security
reported an unspecified integer overflow (CVE-2009-1869).
Gareth Heyes and Microsoft Vulnerability Research reported that the
sandbox in Adobe Flash Player allows for information disclosure, when
'SWFs are saved to the hard drive' (CVE-2009-1870).
A remote attacker could entice a user to open a specially crafted PDF
file or website containing Adobe Flash (SWF) contents, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application, or a Denial of Service (application
crash). Furthermore, a remote attacker could trick a user into clicking
a button on a dialog by supplying a specially crafted SWF file and
disclose sensitive information by exploiting a sandbox issue.
There is no known workaround at this time.
See also :
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.0.32.18'
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/acroread-9.1.3'
Risk factor :
High / CVSS Base Score : 9.3
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 40520 (gentoo_GLSA-200908-04.nasl)
CVE ID: CVE-2009-1862CVE-2009-1863CVE-2009-1864CVE-2009-1865CVE-2009-1866CVE-2009-1867CVE-2009-1868CVE-2009-1869CVE-2009-1870
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.