FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c)

Critical Nessus Plugin ID 83442


The remote FreeBSD host is missing one or more security-related updates.


Adobe reports :

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).

These updates resolve a time-of-check time-of-use (TOCTOU) race condition that could be exploited to bypass Protected Mode in Internet Explorer (CVE-2015-3081).

These updates resolve validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3087).

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-3080).

These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091, CVE-2015-3092).

These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3079), and provide additional hardening to protect against CVE-2015-3044.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 83442

File Name: freebsd_pkg_e206df57f97b11e4b799c485083ca99c.nasl

Version: $Revision: 2.10 $

Type: local

Published: 2015/05/14

Modified: 2015/07/15

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin, p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/05/13

Vulnerability Publication Date: 2015/05/12

Exploitable With

Core Impact

Metasploit (Adobe Flash Player ShaderJob Buffer Overflow)

Reference Information

CVE: CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093