RHEL 3 / 4 : flash-plugin (RHSA-2010:0103)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes a security issue is
now available for Red Hat Enterprise Linux 3 and 4 Extras.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.

This update fixes a vulnerability in Adobe Flash Player. This
vulnerability is summarized on the Adobe Security Advisory APSB10-06
page listed in the References section. If a victim loaded a web page
containing specially-crafted SWF content, it could cause Flash Player
to perform unauthorized cross-domain requests, leading to the
disclosure of sensitive data. (CVE-2010-0186)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.262.0.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-0186.html
http://www.adobe.com/support/security/bulletins/apsb10-06.html
http://rhn.redhat.com/errata/RHSA-2010-0103.html

Solution :

Update the affected flash-plugin package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63918 ()

Bugtraq ID: 38198

CVE ID: CVE-2010-0186