RHEL 5 : flash-plugin (RHSA-2009:0332)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes several security
issues is now available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash
Player Web browser plug-in.

Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the
victim loaded a page containing the specially crafted SWF content.
(CVE-2009-0520, CVE-2009-0519)

It was discovered that Adobe Flash Player had an insecure RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user with write access to the directory
pointed to by RPATH could use this flaw to execute arbitrary code with
the privileges of the user running Adobe Flash Player. (CVE-2009-0521)
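The following audit sketch is an added example, not code from Red Hat, Adobe or Tenable. It takes the text printed by `readelf -d` for a library, extracts the RPATH/RUNPATH entries, and reports any entry that a non-trusted local user could write to or create. The function names, the trusted-UID default and the sample path are assumptions constructed for illustration; the advisory does not state the actual RPATH value.

```python
import os
import re
import stat

# Matches the RPATH/RUNPATH lines printed by `readelf -d <file>`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def rpath_entries(readelf_output):
    """Return every search-path entry found in `readelf -d` text."""
    entries = []
    for _tag, value in DYN_RE.findall(readelf_output):
        entries.extend(value.split(":"))
    return entries

def nearest_existing(path):
    """Walk up from path until a directory that exists is reached."""
    path = os.path.normpath(path)
    while not os.path.isdir(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path

def audit_entry(entry, trusted_uids=(0,)):
    """Return a reason string if the entry is unsafe, else None."""
    if not entry.startswith(("/", "$ORIGIN", "${ORIGIN}")):
        return "empty or relative entry (can resolve against the current working directory)"
    if entry.startswith("$"):
        return None  # depends on the install location; audit that directory separately
    target = nearest_existing(entry)
    missing = target != os.path.normpath(entry)
    st = os.stat(target)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        prefix = "missing; creatable under " if missing else "writable by group/other: "
        return prefix + target
    if st.st_uid not in trusted_uids:
        return "owned by untrusted uid %d: %s" % (st.st_uid, target)
    return None

if __name__ == "__main__":
    # Constructed sample of `readelf -d` output; the path is a placeholder.
    sample = " 0x000000000000000f (RPATH)    Library rpath: [/tmp/example-build/lib:lib]\n"
    for e in rpath_entries(sample):
        print(repr(e), "->", audit_entry(e) or "ok")
```

Run `readelf -d` against the installed plug-in library and pass its output to `rpath_entries`; a package with the RPATH removed yields an empty list.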

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 10.0.22.87.

See also :

https://www.redhat.com/security/data/cve/CVE-2009-0519.html
https://www.redhat.com/security/data/cve/CVE-2009-0520.html
https://www.redhat.com/security/data/cve/CVE-2009-0521.html
http://www.adobe.com/support/security/bulletins/apsb09-01.html
http://www.adobe.com/products/flashplayer/
http://rhn.redhat.com/errata/RHSA-2009-0332.html

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63872

Bugtraq ID:

CVE ID: CVE-2009-0519
CVE-2009-0520
CVE-2009-0521
CVE-2009-0522