GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities

Critical Nessus Plugin ID 35904


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200903-23 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player:
The access scope of System.setClipboard() allows ActionScript programs to execute the method without user interaction (CVE-2008-3873).
The access scope of FileReference.browse() and FileReference.download() allows ActionScript programs to execute the methods without user interaction (CVE-2008-4401).
The Settings Manager controls can be disguised as normal graphical elements. This so-called 'clickjacking' vulnerability was disclosed by Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin (CVE-2008-4503).
Adam Barth (UC Berkeley) and Collin Jackson (Stanford University) discovered a flaw occurring when interpreting HTTP response headers (CVE-2008-4818).
Nathan McFeters and Rob Carter of Ernst and Young's Advanced Security Center are credited for finding an unspecified vulnerability facilitating DNS rebinding attacks (CVE-2008-4819).
When used in a Mozilla browser, Adobe Flash Player does not properly interpret jar: URLs, according to a report by Gregory Fleischer (CVE-2008-4821).
Alex 'kuza55' K. reported that Adobe Flash Player does not properly interpret policy files (CVE-2008-4822).
The vendor credits Stefano Di Paola of Minded Security for reporting that an ActionScript attribute is not interpreted properly (CVE-2008-4823).
Riley Hassell and Josh Zelonis of iSEC Partners reported multiple input validation errors (CVE-2008-4824).
The aforementioned researchers also reported that ActionScript 2 does not verify a member element's size when performing several known and other unspecified actions, that DefineConstantPool accepts an untrusted input value for a 'constant count' and that character elements are not validated when retrieved from a data structure, possibly resulting in a NULL pointer dereference (CVE-2008-5361, CVE-2008-5362, CVE-2008-5363).
The vendor reported an unspecified arbitrary code execution vulnerability (CVE-2008-5499).
Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the Settings Manager related to 'clickjacking' (CVE-2009-0114).
The vendor credits Roee Hay from IBM Rational Application Security for reporting an input validation error when processing SWF files (CVE-2009-0519).
Javier Vicente Vallejo reported via the iDefense VCP that Adobe Flash does not remove object references properly, leading to a freed memory dereference (CVE-2009-0520).
Josh Bressers of Red Hat and Tavis Ormandy of the Google Security Team reported an untrusted search path vulnerability (CVE-2009-0521).
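The DefineConstantPool issue (CVE-2008-5362) is a classic length-field bug: the record carries its own 'constant count', and a reader that sizes its work from that count alone, instead of checking it against the bytes that are actually present, walks past the record. The following Python is an added example written for this page, not code from the GLSA, from Nessus or from Adobe. It uses the public SWF ActionScript 2 layout of an ActionConstantPool record (action code 0x88, little-endian UI16 record length, little-endian UI16 count, then `count` NUL-terminated strings); the record bytes and the trailing ActionPush record are constructed here for the demonstration. It places a count-trusting reader next to a bounds-checked one so the over-read is visible.

```python
"""ActionConstantPool (DefineConstantPool) parsing: trusting vs. bounds-checked.

Added example for the GLSA-200903-23 page; not Adobe's or Nessus' code.
Record layout (public SWF spec, ActionScript 2):
    UI8  action code 0x88
    UI16 length  (little-endian, bytes following this field)
    UI16 count   (little-endian, number of constants)
    count x STRING (NUL-terminated)
"""
import struct
from typing import List, Optional

ACTION_CONSTANT_POOL = 0x88


def build_constant_pool(strings: List[bytes], declared_count: Optional[int] = None) -> bytes:
    """Serialise a record. `declared_count` lets a caller lie about the count,
    which is exactly what a hostile SWF does for CVE-2008-5362."""
    body = b"".join(s + b"\x00" for s in strings)
    count = len(strings) if declared_count is None else declared_count
    payload = struct.pack("<H", count) + body
    return struct.pack("<BH", ACTION_CONSTANT_POOL, len(payload)) + payload


def parse_trusting_count(buf: bytes, offset: int = 0) -> List[bytes]:
    """Vulnerable pattern: the count field alone drives the loop. The record
    length is read but never used to bound the string scans, so a count larger
    than the record's contents makes the reader consume whatever follows."""
    code, _length = struct.unpack_from("<BH", buf, offset)
    if code != ACTION_CONSTANT_POOL:
        raise ValueError("not an ActionConstantPool record")
    (count,) = struct.unpack_from("<H", buf, offset + 3)
    pos = offset + 5
    pool = []
    for _ in range(count):
        end = buf.index(b"\x00", pos)  # unbounded: happily scans into the next record
        pool.append(buf[pos:end])
        pos = end + 1
    return pool


def parse_checked(buf: bytes, offset: int = 0) -> List[bytes]:
    """Hardened pattern: validate the record length against the buffer, the
    count against the record length, and keep every scan inside the record."""
    code, length = struct.unpack_from("<BH", buf, offset)
    if code != ACTION_CONSTANT_POOL:
        raise ValueError("not an ActionConstantPool record")
    start = offset + 3
    end = start + length
    if end > len(buf):
        raise ValueError("record length runs past the end of the buffer")
    if length < 2:
        raise ValueError("record too short to hold a count")
    (count,) = struct.unpack_from("<H", buf, start)
    # Every string needs at least its NUL terminator, so the count can never
    # exceed the number of bytes left in the record. This is the check the
    # advisory says was missing for the 'constant count'.
    if count > length - 2:
        raise ValueError("count %d cannot fit in %d bytes" % (count, length - 2))
    pos = start + 2
    pool = []
    for i in range(count):
        nul = buf.find(b"\x00", pos, end)  # bounded search: never leaves the record
        if nul < 0:
            raise ValueError("string %d is not terminated inside the record" % i)
        pool.append(buf[pos:nul])
        pos = nul + 1
    if pos != end:
        raise ValueError("unexpected trailing bytes after the last constant")
    return pool


def is_well_formed(buf: bytes, offset: int = 0) -> bool:
    """Convenience predicate over parse_checked for callers that want a verdict."""
    try:
        parse_checked(buf, offset)
        return True
    except (ValueError, struct.error):
        return False


if __name__ == "__main__":
    # Constructed sample input: a sane pool, then a hostile one whose count (3)
    # exceeds the single string it carries, followed by an ActionPush record
    # (0x96, length 2, type 8 = constant8, index 0) as the "next" record.
    good = build_constant_pool([b"_root", b"gotoAndPlay"])
    hostile = build_constant_pool([b"_root"], declared_count=3) + b"\x96\x02\x00\x08\x00"
    print("good, checked:   ", parse_checked(good))
    print("hostile, trusting:", parse_trusting_count(hostile))  # bytes of the next record come back as "constants"
    print("hostile, checked: ", is_well_formed(hostile))
```

On the hostile record the count-trusting reader returns three "constants", two of which are fragments of the ActionPush record that follows; in a C implementation the same loop reads past the allocation the record length was used to size. The checked reader rejects it before touching any byte outside the record, and rejects the cheaper variant (a count of 65535 in an 8-byte record) on the count check alone, without scanning at all.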
Impact :

A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the 'non-root domain policy' of Flash, and gain escalated privileges.
Workaround :

There is no known workaround at this time.


All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-'

Plugin Details

Severity: Critical

ID: 35904

File Name: gentoo_GLSA-200903-23.nasl

Version: $Revision: 1.34 $

Type: local

Published: 2009/03/11

Modified: 2016/11/11

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:adobe-flash, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/03/10

Exploitable With

Core Impact

Metasploit (Adobe Flash Player ActionScript Launch Command Execution Vulnerability)

Reference Information

CVE: CVE-2008-3873, CVE-2008-4401, CVE-2008-4503, CVE-2008-4818, CVE-2008-4819, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824, CVE-2008-5361, CVE-2008-5362, CVE-2008-5363, CVE-2008-5499, CVE-2009-0114, CVE-2009-0519, CVE-2009-0520, CVE-2009-0521

BID: 31117, 31537, 32896, 33880, 33889, 33890

OSVDB: 48049, 48944, 49753, 49780, 49783, 49785, 49790, 49958, 50073, 50126, 50127, 50796, 51491, 52749, 52917, 53097

GLSA: 200903-23

CWE: 20, 79, 94, 119, 200, 264, 399