RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:0221)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes several security
issues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat
Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash
Player Web browser plug-in.

Several input validation flaws were found in the way Flash Player
displayed certain content. These may have made it possible to execute
arbitrary code on a victim's machine, if the victim opened a malicious
Adobe Flash file. (CVE-2007-0071, CVE-2007-6019)

A flaw was found in the way Flash Player established TCP sessions to
remote hosts. A remote attacker could, consequently, use Flash Player
to conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)

A flaw was found in the way Flash Player restricted the interpretation
and usage of cross-domain policy files. A remote attacker could use
Flash Player to conduct cross-domain and cross-site scripting attacks.
(CVE-2007-6243, CVE-2008-1654)

A flaw was found in the way Flash Player interacted with web browsers.
An attacker could use malicious content presented by Flash Player to
conduct a cross-site scripting attack. (CVE-2007-6637)

All users of Adobe Flash Player should upgrade to this updated
package, which contains Flash Player version and resolves
these issues.

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true