RHEL 5 : flash-plugin (RHSA-2009:0332)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes several security
issues is now available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash
Player Web browser plug-in.

Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the
victim loaded a page containing the specially crafted SWF content.
(CVE-2009-0520, CVE-2009-0519)

It was discovered that Adobe Flash Player had an insecure RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user with write access to the directory
pointed to by RPATH could use this flaw to execute arbitrary code with
the privileges of the user running Adobe Flash Player. (CVE-2009-0521)
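A defender-side check for the RPATH issue described above, given as an added example that is not part of the original advisory or of the Nessus plugin. It parses the text printed by `readelf -d` and reports search directories that a non-root local user could write to; the sample output and the function names are constructed for illustration.

```python
import os
import re
import stat

# Rows that `readelf -d` prints for DT_RPATH / DT_RUNPATH.
ROW = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed sample of `readelf -d` output (not taken from flash-plugin).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/opt/example/lib::lib]
"""

def rpath_entries(readelf_output):
    """Return (tag, directory) pairs, one per colon-separated search directory."""
    pairs = []
    for line in readelf_output.splitlines():
        m = ROW.search(line)
        if m:
            pairs.extend((m.group(1), d) for d in m.group(2).split(":"))
    return pairs

def audit_dir(path):
    """List the reasons a non-root local user could plant a library in path."""
    if path == "":
        return ["empty entry: resolves to the current working directory"]
    if not os.path.isabs(path):
        return ["not absolute: relative or $ORIGIN-based, resolve it by hand"]
    reasons = []
    cur = os.path.normpath(path)
    while True:  # check the directory and every ancestor up to /
        try:
            st = os.stat(cur)
        except OSError:
            st = None  # missing: whoever can write an existing ancestor can create it
        if st is not None and st.st_uid != 0:
            reasons.append(f"{cur}: owned by uid {st.st_uid}, not root")
        if st is not None and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append(f"{cur}: writable by group or other")
        if os.path.dirname(cur) == cur:
            return reasons
        cur = os.path.dirname(cur)

def audit(readelf_output):
    """Map each risky RPATH/RUNPATH directory to its findings."""
    report = {d: audit_dir(d) for _, d in rpath_entries(readelf_output)}
    return {d: why for d, why in report.items() if why}

if __name__ == "__main__":
    for directory, why in audit(SAMPLE).items():
        print(repr(directory), why)
```

The ancestor walk is deliberately conservative, so sticky-bit directories such as /tmp are reported as well.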

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63872

Bugtraq ID: 33880

CVE ID: CVE-2009-0519