Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-201507-13.NASL
HistorySep 23, 2015 - 12:00 a.m.

GLSA-201507-13 : Adobe Flash Player: Multiple vulnerabilities (Underminer)

2015-09-2300:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
69

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%

JSON

The remote host is affected by the vulnerability described in GLSA-201507-13 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
  Please review the CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201507-13.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86083);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/22");

  script_cve_id(
    "CVE-2014-0578",
    "CVE-2015-3113",
    "CVE-2015-3114",
    "CVE-2015-3115",
    "CVE-2015-3116",
    "CVE-2015-3117",
    "CVE-2015-3118",
    "CVE-2015-3119",
    "CVE-2015-3120",
    "CVE-2015-3121",
    "CVE-2015-3122",
    "CVE-2015-3123",
    "CVE-2015-3124",
    "CVE-2015-3125",
    "CVE-2015-3126",
    "CVE-2015-3127",
    "CVE-2015-3128",
    "CVE-2015-3129",
    "CVE-2015-3130",
    "CVE-2015-3131",
    "CVE-2015-3132",
    "CVE-2015-3133",
    "CVE-2015-3134",
    "CVE-2015-3135",
    "CVE-2015-3136",
    "CVE-2015-3137",
    "CVE-2015-4428",
    "CVE-2015-4429",
    "CVE-2015-4430",
    "CVE-2015-4431",
    "CVE-2015-4432",
    "CVE-2015-4433",
    "CVE-2015-5116",
    "CVE-2015-5117",
    "CVE-2015-5118",
    "CVE-2015-5119"
  );
  script_xref(name:"GLSA", value:"201507-13");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/04");

  script_name(english:"GLSA-201507-13 : Adobe Flash Player: Multiple vulnerabilities (Underminer)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201507-13
(Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could possibly execute arbitrary code with the
      privileges of the process, cause a Denial of Service condition, obtain
      sensitive information, or bypass security restrictions.
  
Workaround :

    There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201507-13");
  script_set_attribute(attribute:"solution", value:
"All Adobe Flash Player users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-plugins/adobe-flash-11.2.202.481'");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ByteArray Use After Free');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 11.2.202.481"), vulnerable:make_list("lt 11.2.202.481"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
}

References

Related

gentoo 1
nessus 14
kaspersky 1
openvas 8
altlinux 2
mageia 1
suse 2
redhat 1
securityvulns 1
prion 33
ubuntucve 33
cve 33
cvelist 33
nvd 34
checkpoint_advisories 2
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-07-10 00:00:00
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2015:1214) (Underminer)
2015-07-09 00:00:00
Adobe AIR for Mac <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)
2015-07-09 00:00:00
MS KB3065823: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
2015-07-09 00:00:00
kaspersky
kaspersky
KLA10623 Multiple vulnerabilities in Adobe products
2015-07-08 00:00:00
openvas
openvas
Adobe Air Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X
2015-07-09 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2015:1211-1)
2015-10-15 00:00:00
Adobe Flash Player Use-After-Free Vulnerability (Jul 2015) - Mac OS X
2015-07-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt47
2015-07-08 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt47
2015-07-08 00:00:00
mageia
mageia
Updated flash-player-plugin package fixes critical security vulnerabilities
2015-07-09 11:09:20
suse
suse
Security update for flash-player (critical)
2015-07-09 11:08:12
Security update for flash-player (critical)
2015-07-09 14:08:22
redhat
redhat
(RHSA-2015:1214) Critical: flash-plugin security update
2015-07-08 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2015-07-19 00:00:00
prion
prion
Design/Logic Flaw
2015-07-09 16:59:00
Design/Logic Flaw
2015-07-09 16:59:00
Design/Logic Flaw
2015-07-09 16:59:00
ubuntucve
ubuntucve
CVE-2015-5117
2015-07-09 00:00:00
CVE-2015-3127
2015-07-09 00:00:00
CVE-2015-4430
2015-07-09 00:00:00
cve
cve
CVE-2015-3127
2015-07-09 16:59:14
CVE-2015-3118
2015-07-09 16:59:05
CVE-2015-5117
2015-07-09 16:59:29
cvelist
cvelist
CVE-2015-3118
2015-07-09 16:00:00
CVE-2015-3124
2015-07-09 16:00:00
CVE-2015-5117
2015-07-09 16:00:00
nvd
nvd
CVE-2015-3128
2015-07-09 16:59:15
CVE-2015-3118
2015-07-09 16:59:05
CVE-2015-3129
2015-07-09 16:59:16
checkpoint_advisories
checkpoint_advisories
Adobe Flash Use After Free Code Execution (APSB15-16: CVE-2015-3128; CVE-2015-3136; CVE-2015-3137; CVE-2015-4428)
2015-07-26 00:00:00
Adobe Flash Player Heap Buffer Overflow (APSB15-14: CVE-2015-3113; CVE-2015-4432; CVE-2015-5118)
2015-06-24 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%

JSON
Related for GENTOO_GLSA-201507-13.NASL
gentoo1nessus14kaspersky1openvas8altlinux2mageia1suse2redhat1securityvulns1prion33ubuntucve33cve33cvelist33nvd34checkpoint_advisories2