RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:1047)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes a security issue is
now available for Red Hat Enterprise Linux 3 Extras, Red Hat
Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5
Supplementary.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash
Player Web browser plug-in.

A security flaw was found in the way Flash Player displayed certain
SWF (Shockwave Flash) content. This may have made it possible to
execute arbitrary code on a victim's machine, if the victim opened a
malicious Adobe Flash file. (CVE-2008-5499)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 10.0.15.3 for users of Red Hat
Enterprise Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat
Enterprise 3 and 4 Extras.

See also :

https://www.redhat.com/security/data/cve/CVE-2008-5499.html
http://www.adobe.com/support/security/bulletins/apsb08-24.html
http://www.adobe.com/products/flashplayer/
http://rhn.redhat.com/errata/RHSA-2008-1047.html

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 40736 ()

Bugtraq ID: 32896

CVE ID: CVE-2008-5499