openSUSE 10 Security Update : flash-player (flash-player-2359)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This security update brings the Adobe Flash Player to version 7.0.69.
It fixes the following security problem :

CVE-2006-5330: CRLF injection vulnerability in Adobe Flash Player
allows remote attackers to modify HTTP headers of client requests and
conduct HTTP Request Splitting attacks via CRLF sequences in arguments
to the ActionScript functions (1) XML.addRequestHeader and (2)
XML.contentType. NOTE: the flexibility of the attack varies depending
on the type of web browser being used.

Solution :

Update the affected flash-player package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27220 ()

Bugtraq ID:

CVE ID: CVE-2006-5330

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now