Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-201804-11.NASL
HistoryApr 12, 2018 - 12:00 a.m.

GLSA-201804-11 : Adobe Flash Player: Multiple vulnerabilities

2018-04-1200:00:00
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.952 High

EPSS

Percentile

99.3%

JSON

The remote host is affected by the vulnerability described in GLSA-201804-11 (Adobe Flash Player: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Flash Player.
  Please review the CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly execute arbitrary code with the       privileges of the process, disclose sensitive information or bypass       security restrictions.

Workaround :

There is no known workaround at this time.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201804-11.
#
# The advisory text is Copyright (C) 2001-2023 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(109007);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/27");

  script_cve_id("CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937");
  script_xref(name:"GLSA", value:"201804-11");

  script_name(english:"GLSA-201804-11 : Adobe Flash Player: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201804-11
(Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could possibly execute arbitrary code with the
      privileges of the process, disclose sensitive information or bypass
      security restrictions.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201804-11"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Adobe Flash users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=www-plugins/adobe-flash-29.0.0.140'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 29.0.0.140"), vulnerable:make_list("lt 29.0.0.140"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
}
VendorProductVersionCPE
gentoolinuxadobe-flashp-cpe:/a:gentoo:linux:adobe-flash
gentoolinuxcpe:/o:gentoo:linux

Related

openvas 7
freebsd 1
nessus 6
kaspersky 1
symantec 1
mscve 1
gentoo 1
redhat 1
adobe 1
trendmicroblog 1
threatpost 1
redhatcve 6
zdt 4
prion 6
checkpoint_advisories 6
ubuntucve 6
cve 6
nvd 6
cvelist 6
openvas
openvas
Adobe Flash Player Within Google Chrome Security Update (APSB18-08) - Mac OS X
2018-04-11 00:00:00
Adobe Flash Player Within Google Chrome Security Update (APSB18-08) - Linux
2018-04-11 00:00:00
Adobe Flash Player Security Updates (APSB18-08) - Mac OS X
2018-04-11 00:00:00
freebsd
freebsd
Flash Player -- multiple vulnerabilities
2018-04-10 00:00:00
nessus
nessus
FreeBSD : Flash Player -- multiple vulnerabilities (5c6f7482-3ced-11e8-b157-6451062f0f7a)
2018-04-11 00:00:00
Adobe Flash Player for Mac <= 29.0.0.113 (APSB18-08)
2018-04-10 00:00:00
RHEL 6 : flash-plugin (RHSA-2018:1119)
2018-04-12 00:00:00
kaspersky
kaspersky
KLA11223 Multiple vulnerabilities in Adobe Flash Player
2018-04-10 00:00:00
symantec
symantec
Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities
2018-04-10 00:00:00
mscve
mscve
April 2018 Adobe Flash Security Update
2018-04-10 07:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2018-04-11 00:00:00
redhat
redhat
(RHSA-2018:1119) Critical: flash-plugin security update
2018-04-11 21:13:17
adobe
adobe
APSB18-08 Security updates available for Adobe Flash Player
2018-04-10 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 16, 2018
2018-04-20 14:45:13
threatpost
threatpost
Adobe Patches Four Critical Bugs in Flash, InDesign
2018-04-10 16:21:34
redhatcve
redhatcve
CVE-2018-4932
2018-04-10 21:51:21
CVE-2018-4933
2018-04-10 21:51:33
CVE-2018-4935
2018-04-10 21:51:56
zdt
zdt
Adobe Flash - Out-of-Bounds Write in blur Filtering Exploit
2018-04-24 00:00:00
Adobe Flash - Overflow when Playing Sound Exploit
2018-04-24 00:00:00
Adobe Flash - Overflow in Slab Rendering Exploit
2018-04-24 00:00:00
prion
prion
Out-of-bounds
2018-05-19 17:29:00
Out-of-bounds
2018-05-19 17:29:00
Heap overflow
2018-05-19 17:29:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Out-of-bounds write (APSB18-08: CVE-2018-4937)
2018-04-10 00:00:00
Adobe Flash Player Out-of-bounds write (APSB18-08: CVE-2018-4935)
2018-04-10 00:00:00
Adobe Flash Player Heap Overflow (APSB18-08: CVE-2018-4936)
2018-04-10 00:00:00
ubuntucve
ubuntucve
CVE-2018-4936
2018-05-19 00:00:00
CVE-2018-4937
2018-05-19 00:00:00
CVE-2018-4934
2018-05-19 00:00:00
cve
cve
CVE-2018-4937
2018-05-19 17:29:01
CVE-2018-4936
2018-05-19 17:29:01
CVE-2018-4935
2018-05-19 17:29:01
nvd
nvd
CVE-2018-4937
2018-05-19 17:29:01
CVE-2018-4934
2018-05-19 17:29:01
CVE-2018-4936
2018-05-19 17:29:01
cvelist
cvelist
CVE-2018-4937
2018-05-19 17:00:00
CVE-2018-4936
2018-05-19 17:00:00
CVE-2018-4932
2018-05-19 17:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.952 High

EPSS

Percentile

99.3%

JSON
Related for GENTOO_GLSA-201804-11.NASL
openvas7freebsd1nessus6kaspersky1symantec1mscve1gentoo1redhat1adobe1trendmicroblog1threatpost1redhatcve6zdt4prion6checkpoint_advisories6ubuntucve6cve6nvd6cvelist6