Lucene search
Copyright (c) 2012 E-Soft Inc. http://www.securityspace.comOPENVAS:72608HistoryNov 26, 2012 - 12:00 a.m.
FreeBSD Ports: linux-f10-flashplugin
2012-11-2600:00:00
Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
17
EPSS
0.014
Percentile
86.3%
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 4b8b748e-2a24-11e2-bb44-003067b2972c
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID 4b8b748e-2a24-11e2-bb44-003067b2972c
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following package is affected: linux-f10-flashplugin
CVE-2012-5274
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and
CVE-2012-5280.
CVE-2012-5275
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and
CVE-2012-5280.
CVE-2012-5276
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and
CVE-2012-5280.
CVE-2012-5277
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and
CVE-2012-5280.
CVE-2012-5278
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on
Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251
on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before
11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR
SDK before 3.5.0.600 allow attackers to bypass intended access
restrictions and execute arbitrary code via unspecified vectors.
CVE-2012-5279
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on
Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251
on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before
11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR
SDK before 3.5.0.600 allow attackers to execute arbitrary code or
cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-5280
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x
before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and
11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x
and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before
3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to
execute arbitrary code via unspecified vectors, a different
vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and
CVE-2012-5277.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.
https://www.adobe.com/support/security/bulletins/apsb12-24.html
http://www.vuxml.org/freebsd/4b8b748e-2a24-11e2-bb44-003067b2972c.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
if(description)
{
script_id(72608);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2012-5274", "CVE-2012-5275", "CVE-2012-5276", "CVE-2012-5277", "CVE-2012-5278", "CVE-2012-5279", "CVE-2012-5280");
script_version("$Revision: 5956 $");
script_tag(name:"last_modification", value:"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $");
script_tag(name:"creation_date", value:"2012-11-26 12:47:33 -0500 (Mon, 26 Nov 2012)");
script_name("FreeBSD Ports: linux-f10-flashplugin");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
vuln = 0;
txt = "";
bver = portver(pkg:"linux-f10-flashplugin");
if(!isnull(bver) && revcomp(a:bver, b:"11.2r202.243")<=0) {
txt += "Package linux-f10-flashplugin version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
if(vuln) {
security_message(data:string(txt ));
} else if (__pkg_match) {
exit(99);
}
Related
openvas
openvas
openSUSE: Security Advisory for flash-player (openSUSE-SU-2012:1480-1)
2012-12-13 00:00:00
Adobe Flash Player Multiple Vulnerabilities - November12 (Windows)
2012-11-08 00:00:00
FreeBSD Ports: linux-f10-flashplugin
2012-11-26 00:00:00
nessus
nessus
suse
suse
Update to 11.2.202.251 (important)
2013-01-23 14:05:07
flash-player: Update to 11.2.202.251 (important)
2013-02-28 18:27:42
flash-player: Update to 11.2.202.251 (important)
2012-11-14 10:08:31
thn
thn
Patch released for 7 critical Adobe Flash Player Vulnerabilities
2012-11-06 18:32:00
redhat
redhat
(RHSA-2012:1431) Critical: flash-plugin security update
2012-11-07 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2012-10-08 00:00:00
prion
prion
Buffer overflow
2012-11-07 05:41:00
Buffer overflow
2012-11-07 05:41:00
Buffer overflow
2012-11-07 05:41:00
ubuntucve
ubuntucve
nvd
nvd
cvelist
cvelist
cve
cve
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player and AIR Security Bypass (APSB12-24; CVE-2012-5278)
2012-12-30 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2013-09-14 00:00:00