GLSA-201110-11 : Adobe Flash Player: Multiple vulnerabilities

Critical Nessus Plugin ID 56504

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201110-11 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Impact :

By enticing a user to open a specially crafted SWF file a remote attacker could cause a Denial of Service or the execution of arbitrary code with the privileges of the user running the application.
Workaround :

There is no known workaround at this time.

Solution

All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.3.183.10'

See Also

https://www.adobe.com/support/security/advisories/apsa11-01.html

https://www.adobe.com/support/security/advisories/apsa11-02.html

https://www.adobe.com/support/security/bulletins/apsb11-02.html

https://www.adobe.com/support/security/bulletins/apsb11-12.html

https://www.adobe.com/support/security/bulletins/apsb11-13.html

https://www.adobe.com/support/security/bulletins/apsb11-21.html

https://www.adobe.com/support/security/bulletins/apsb11-26.html

https://security.gentoo.org/glsa/201110-11

Plugin Details

Severity: Critical

ID: 56504

File Name: gentoo_GLSA-201110-11.nasl

Version: $Revision: 1.20 $

Type: local

Published: 2011/10/14

Modified: 2017/10/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:adobe-flash, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/10/13

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow)

Reference Information

CVE: CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0579, CVE-2011-0589, CVE-2011-0607, CVE-2011-0608, CVE-2011-0609, CVE-2011-0611, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627, CVE-2011-0628, CVE-2011-2107, CVE-2011-2110, CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444

BID: 46186, 46188, 46189, 46190, 46191, 46192, 46193, 46194, 46195, 46196, 46197, 46202, 46282, 46283, 46860, 47314, 47806, 47807, 47808, 47809, 47810, 47811, 47812, 47813, 47814, 47815, 47847, 47961, 48107, 48268, 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49186, 49710, 49714, 49715, 49716, 49717, 49718

GLSA: 201110-11