Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0494 advisory.

    [-  6:3.3.1-5.19.rhel4.0.1]
     - turn off '

     [- 6:3.3.1-5.19.rhel4]
     - Resolves: bz#243620, KDE flash player workaround, CVE-2007-2022

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser.

A problem with the interaction between the Flash Player and the Konqueror webbrowser was fixed. The problem could lead to keypresses leaking to the applet instead of the browser. (CVE-2007-2022)

This update of khc_indexbuilder also restricts the commands that can be executed with EGID 'man'.

The Adobe Flash Player was updated to version 7.0.70.0 for Novell Linux Desktop 9 and to version 9.0.48.0 on SUSE Linux Enterprise Desktop 10 to fix several security problems :

  - An input validation error has been identified in Flash     Player 9.0.45.0 and earlier versions that could lead to     the potential execution of arbitrary code. This     vulnerability could be accessed through content     delivered from a remote location via the user's web     browser, email client, or other applications that     include or reference the Flash Player. (CVE-2007-3456)

  - An issue with insufficient validation of the HTTP     Referer has been identified in Flash Player 8.0.34.0 and     earlier. This issue does not affect Flash Player 9. This     issue could potentially aid an attacker in executing a     cross-site request forgery attack. (CVE-2007-3457)

  - The Linux and Solaris updates for Flash Player 7     (7.0.70.0) address the issues with Flash Player and the     Opera and Konqueror browsers described in Security     Advisory APSA07-03. These issues do not impact Flash     Player 9 on Linux or Solaris. (CVE-2007-2022)

The affected webbrowsers Opera and konqueror have already been fixed independendly.

A problem with the interaction between the Flash Player and the Konqueror webbrowser was fixed. The problem could lead to keypresses leaking to the applet instead of the browser. (CVE-2007-2022)

This update of khc_indexbuilder restricts the commands that can be executed with EGID 'man'.

The Adobe Flash Player was updated to version 7.0.70.0 on SUSE Linux 10.0 and to version 9.0.48.0 on SUSE Linux 10.1 and openSUSE 10.2 to fix several security problems :

CVE-2007-3456: An input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code. This vulnerability could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player.

CVE-2007-3457: An issue with insufficient validation of the HTTP Referer has been identified in Flash Player 8.0.34.0 and earlier. This issue does not affect Flash Player 9. This issue could potentially aid an attacker in executing a cross-site request forgery attack.

CVE-2007-2022: The Linux and Solaris updates for Flash Player 7 (7.0.70.0) address the issues with Flash Player and the Opera and Konqueror browsers described in Security Advisory APSA07-03. These issues do not impact Flash Player 9 on Linux or Solaris.

The affected webbrowsers Opera and konqueror have already been fixed independendly.

The remote host is affected by the vulnerability described in GLSA-200708-01 (Macromedia Flash Player: Remote arbitrary code execution)

    Mark Hills discovered some errors when interacting with a browser for     keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon     from Minded Security discovered a boundary error when processing FLV     files (CVE-2007-3456). An input validation error when processing HTTP     referrers has also been reported (CVE-2007-3457).
  Impact :

    A remote attacker could entice a user to open a specially crafted file,     possibly leading to the execution of arbitrary code with the privileges     of the user running the Macromedia Flash Player, or sensitive data     access.
  Workaround :

    There is no known workaround at this time.

Adobe reports :

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities.

An issue with the interaction between the Flash Player and the Konqueror web browser was discovered, which could lead to key presses leaking to the Flash Player instead of to the browser. This only affects users who have actually installed the Adobe Flash Player plugin.

Updated packages have been patched to prevent this issue.

Updated kdebase packages that resolve an interaction security issue with Adobe Flash Player are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager.

A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser (CVE-2007-2022).

Users of Konqueror who have installed the Adobe Flash Player plugin should upgrade to these updated packages, which contain a patch provided by Dirk Muller that protects against this issue.

ID	Name	Product	Family	Severity
67522	Oracle Linux 5 : Important: / kdebase (ELSA-2007-0494)	Nessus	Oracle Linux Local Security Checks	high
60204	Scientific Linux Security Update : kdebase on SL5.x, SL4.x, SL3.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
29477	SuSE 10 Security Update : kdebase3 (ZYPP Patch Number 3407)	Nessus	SuSE Local Security Checks	medium
29434	SuSE 10 Security Update : flash-player (ZYPP Patch Number 3890)	Nessus	SuSE Local Security Checks	high
27284	openSUSE 10 Security Update : kdebase3 (kdebase3-3347)	Nessus	SuSE Local Security Checks	medium
27221	openSUSE 10 Security Update : flash-player (flash-player-3889)	Nessus	SuSE Local Security Checks	high
25866	GLSA-200708-01 : Macromedia Flash Player: Remote arbitrary code execution	Nessus	Gentoo Local Security Checks	high
25718	FreeBSD : linux-flashplugin -- critical vulnerabilities (b42e8c32-34f6-11dc-9bc9-001921ab2fa4)	Nessus	FreeBSD Local Security Checks	high
25666	Mandrake Linux Security Advisory : kdebase (MDKSA-2007:138)	Nessus	Mandriva Local Security Checks	medium
25522	RHEL 3 / 4 / 5 : kdebase (RHSA-2007:0494)	Nessus	Red Hat Local Security Checks	medium
25502	CentOS 3 / 4 / 5 : kdebase (CESA-2007:0494)	Nessus	CentOS Local Security Checks	medium

Detections

Analytics

CVE-2007-2022

high

Tenable Plugins

high

medium

medium

high

medium

high

high

high

medium

medium

medium