RHEL 3 / 4 : flash-plugin (RHSA-2006:0674)

medium Nessus Plugin ID 63833

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated Adobe Flash Player package that fixes security issues is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in.

Security issues were discovered in the Adobe Flash Player. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Adobe Flash file. (CVE-2006-3311, CVE-2006-3587, CVE-2006-3588)

Users of Adobe Flash Player should upgrade to this updated package, which contains version 7.0.68 and is not vulnerable to this issue.

Red Hat would like to thank Adobe for notifying us of these issues.

Solution

Update the affected flash-plugin package.

See Also

https://www.redhat.com/security/data/cve/CVE-2006-3311.html

https://www.redhat.com/security/data/cve/CVE-2006-3587.html

https://www.redhat.com/security/data/cve/CVE-2006-3588.html

https://www.redhat.com/security/data/cve/CVE-2006-4640.html

http://www.adobe.com/support/security/bulletins/apsb06-11.html

http://rhn.redhat.com/errata/RHSA-2006-0674.html

Plugin Details

Severity: Medium

ID: 63833

File Name: redhat-RHSA-2006-0674.nasl

Version: 1.9

Type: local

Agent: unix

Published: 1/24/2013

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:3, p-cpe:/a:redhat:enterprise_linux:flash-plugin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 9/12/2006

Vulnerability Publication Date: 7/5/2006

Reference Information

CVE: CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, CVE-2006-4640

CWE: 264

RHSA: 2006:0674