SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)

Critical Nessus Plugin ID 79308

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

flash-player was updated to version 11.2.202.418 to fix 18 security issues :

- Memory corruption vulnerabilities that could lead to code execution. (CVE-2014-0576 / CVE-2014-0581 / CVE-2014-8440 / CVE-2014-8441)

- Use-after-free vulnerabilities that could lead to code execution. (CVE-2014-0573 / CVE-2014-0588 / CVE-2014-8438)

- A double free vulnerability that could lead to code execution. (CVE-2014-0574)

- Type confusion vulnerabilities that could lead to code execution. (CVE-2014-0577 / CVE-2014-0584 / CVE-2014-0585 / CVE-2014-0586 / CVE-2014-0590)

- Heap buffer overflow vulnerabilities that could lead to code execution. (CVE-2014-0582 / CVE-2014-0589)

- An information disclosure vulnerability that could be exploited to disclose session tokens. (CVE-2014-8437)

- A heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level. (CVE-2014-0583)

- A permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442). Further information can be found at http://helpx.adobe.com/security/products/flash-player/ap sb14-24.html .

Solution

Apply SAT patch number 9958.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=905032

http://support.novell.com/security/cve/CVE-2014-0573.html

http://support.novell.com/security/cve/CVE-2014-0574.html

http://support.novell.com/security/cve/CVE-2014-0576.html

http://support.novell.com/security/cve/CVE-2014-0577.html

http://support.novell.com/security/cve/CVE-2014-0581.html

http://support.novell.com/security/cve/CVE-2014-0582.html

http://support.novell.com/security/cve/CVE-2014-0583.html

http://support.novell.com/security/cve/CVE-2014-0584.html

http://support.novell.com/security/cve/CVE-2014-0585.html

http://support.novell.com/security/cve/CVE-2014-0586.html

http://support.novell.com/security/cve/CVE-2014-0588.html

http://support.novell.com/security/cve/CVE-2014-0589.html

http://support.novell.com/security/cve/CVE-2014-0590.html

http://support.novell.com/security/cve/CVE-2014-8437.html

http://support.novell.com/security/cve/CVE-2014-8438.html

http://support.novell.com/security/cve/CVE-2014-8440.html

http://support.novell.com/security/cve/CVE-2014-8441.html

http://support.novell.com/security/cve/CVE-2014-8442.html

Plugin Details

Severity: Critical

ID: 79308

File Name: suse_11_flash-player-141114.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2014/11/18

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:flash-player, p-cpe:/a:novell:suse_linux:11:flash-player-gnome, p-cpe:/a:novell:suse_linux:11:flash-player-kde4, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/11/14

Exploitable With

Metasploit (Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory)

Reference Information

CVE: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442