Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Tue Mar 10, 2009 11:26 pm    Post subject: [ GLSA 200903-23 ] Adobe Flash Player: Multiple vulnerabilit Reply with quote

Gentoo Linux Security Advisory

Title: Adobe Flash Player: Multiple vulnerabilities (GLSA 200903-23)
Severity: normal
Exploitable: remote
Date: March 10, 2009
Updated: May 28, 2009
Bug(s): #239543, #251496, #260264
ID: 200903-23

Synopsis


Multiple vulnerabilities have been identified, the worst of which allow
arbitrary code execution on a user's system via a malicious Flash file.


Background


The Adobe Flash Player is a renderer for the popular SWF file format,
which is commonly used to provide interactive websites, digital
experiences and mobile content.


Affected Packages

Package: www-plugins/adobe-flash
Vulnerable: < 10.0.22.87
Unaffected: >= 10.0.22.87
Architectures: All supported architectures


Description


Multiple vulnerabilities have been discovered in Adobe Flash Player:
  • The access scope of SystemsetClipboard() allows ActionScript
    programs to execute the method without user interaction
    (CVE-2008-3873).
  • The access scope of FileReference.browse() and
    FileReference.download() allows ActionScript programs to execute the
    methods without user interaction (CVE-2008-4401).
  • The Settings Manager controls can be disguised as normal graphical
    elements. This so-called "clickjacking" vulnerability was disclosed by
    Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security,
    Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of
    TopsecTianRongXin (CVE-2008-4503).
  • Adan Barth (UC Berkely) and Collin Jackson (Stanford University)
    discovered a flaw occurring when interpreting HTTP response headers
    (CVE-2008-4818).
  • Nathan McFeters and Rob Carter of Ernst and Young's Advanced
    Security Center are credited for finding an unspecified vulnerability
    facilitating DNS rebinding attacks (CVE-2008-4819).
  • When used in a Mozilla browser, Adobe Flash Player does not
    properly interpret jar: URLs, according to a report by Gregory
    Fleischer of pseudo-flaw.net (CVE-2008-4821).
  • Alex "kuza55" K. reported that Adobe Flash Player does not properly
    interpret policy files (CVE-2008-4822).
  • The vendor credits Stefano Di Paola of Minded Security for
    reporting that an ActionScript attribute is not interpreted properly
    (CVE-2008-4823).
  • Riley Hassell and Josh Zelonis of iSEC Partners reported multiple
    input validation errors (CVE-2008-4824).
  • The aforementioned researchers also reported that ActionScript 2
    does not verify a member element's size when performing several known
    and other unspecified actions, that DefineConstantPool accepts an
    untrusted input value for a "constant count" and that character
    elements are not validated when retrieved from a data structure,
    possibly resulting in a null-pointer dereference (CVE-2008-5361,
    CVE-2008-5362, CVE-2008-5363).
  • The vendor reported an unspecified arbitrary code execution
    vulnerability (CVE-2008-5499).
  • Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the
    Settings Manager related to "clickjacking" (CVE-2009-0114).
  • The vendor credits Roee Hay from IBM Rational Application Security
    for reporting an input validation error when processing SWF files
    (CVE-2009-0519).
  • Javier Vicente Vallejo reported via the iDefense VCP that Adobe
    Flash does not remove object references properly, leading to a freed
    memory dereference (CVE-2009-0520).
  • Josh Bressers of Red Hat and Tavis Ormandy of the Google Security
    Team reported an untrusted search path vulnerability
    (CVE-2009-0521).


Impact


A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user or a Denial of Service (crash). Furthermore a
remote attacker could gain access to sensitive information, disclose
memory contents by enticing a user to open a specially crafted PDF file
inside a Flash application, modify the victim's clipboard or render it
temporarily unusable, persuade a user into uploading or downloading
files, bypass security restrictions with the assistance of the user to
gain access to camera and microphone, conduct Cross-Site Scripting and
HTTP Header Splitting attacks, bypass the "non-root domain policy" of
Flash, and gain escalated privileges.


Workaround


There is no known workaround at this time.


Resolution


All Adobe Flash Player users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.22.87"


References

CVE-2008-3873
CVE-2008-4401
CVE-2008-4503
CVE-2008-4818
CVE-2008-4819
CVE-2008-4821
CVE-2008-4822
CVE-2008-4823
CVE-2008-4824
CVE-2008-5361
CVE-2008-5362
CVE-2008-5363
CVE-2008-5499
CVE-2009-0114
CVE-2009-0519
CVE-2009-0520
CVE-2009-0521


Last edited by GLSA on Mon Feb 14, 2011 4:27 am; edited 4 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum