RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:0221)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes several security
issues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat
Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5
Supplementary.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash
Player Web browser plug-in.

Several input validation flaws were found in the way Flash Player
displayed certain content. These may have made it possible to execute
arbitrary code on a victim's machine, if the victim opened a malicious
Adobe Flash file. (CVE-2007-0071, CVE-2007-6019)

A flaw was found in the way Flash Player established TCP sessions to
remote hosts. As a result, a remote attacker could use Flash Player
to conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)

A flaw was found in the way Flash Player restricted the interpretation
and usage of cross-domain policy files. A remote attacker could use
Flash Player to conduct cross-domain and cross-site scripting attacks.
(CVE-2007-6243, CVE-2008-1654)

A flaw was found in the way Flash Player interacted with web browsers.
An attacker could use malicious content presented by Flash Player to
conduct a cross-site scripting attack. (CVE-2007-6637)

All users of Adobe Flash Player should upgrade to this updated
package, which contains Flash Player version 9.0.124.0 and resolves
these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2007-0071.html
https://www.redhat.com/security/data/cve/CVE-2007-5275.html
https://www.redhat.com/security/data/cve/CVE-2007-6019.html
https://www.redhat.com/security/data/cve/CVE-2007-6243.html
https://www.redhat.com/security/data/cve/CVE-2007-6637.html
https://www.redhat.com/security/data/cve/CVE-2008-1654.html
https://www.redhat.com/security/data/cve/CVE-2008-1655.html
https://www.redhat.com/security/data/cve/CVE-2008-3872.html
http://rhn.redhat.com/errata/RHSA-2008-0221.html

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 40719

CVE ID: CVE-2007-0071, CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,
CVE-2007-6637, CVE-2008-1654, CVE-2008-1655, CVE-2008-3872