The remote Redhat Enterprise Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2010:0829 advisory.

    The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash     Player web browser plug-in.

    This update fixes multiple vulnerabilities in Adobe Flash Player. These     vulnerabilities are detailed on the Adobe security page APSB10-26, listed     in the References section.

    Multiple security flaws were found in the way flash-plugin displayed     certain SWF content. An attacker could use these flaws to create a     specially-crafted SWF file that would cause flash-plugin to crash or,     potentially, execute arbitrary code when the victim loaded a page     containing the specially-crafted SWF content. (CVE-2010-3639,     CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,     CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,     CVE-2010-3650, CVE-2010-3652, CVE-2010-3654)

    An input validation flaw was discovered in flash-plugin. Certain server     encodings could lead to a bypass of cross-domain policy file restrictions,     possibly leading to cross-domain information disclosure. (CVE-2010-3636)

    During testing, it was discovered that there were regressions with Flash     Player on certain sites, such as fullscreen playback on YouTube.  Despite     these regressions, we feel these security flaws are serious enough to     update the package with what Adobe has provided.

    All users of Adobe Flash Player should install this updated package, which     upgrades Flash Player to version 10.1.102.64.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 5 : flash-plugin (RHSA-2010:0829)

high Nessus Plugin ID 63956

Version 1.24

Version 1.23

Version 1.24 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 1.23 Apr 21, 2024, 10:16 AM CVE (set "CVE" coverage to "CVE-2010-3636,CVE-2010-3639,CVE-2010-3640,CVE-2010-3641,CVE-2010-3642,CVE-2010-3643,CVE-2010-3644,CVE-2010-3645,CVE-2010-3646,CVE-2010-3647,CVE-2010-3648,CVE-2010-3649,CVE-2010-3650,CVE-2010-3652,CVE-2010-3654") CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (set to "CVE-2010-3654") CVSSv3 score source (set to "CVE-2010-3652") Detection (updated detection logic) Exploit attributes ("Exploit framework canvas" changed from "True" to none) Exploit attributes ("Exploit framework core" changed from "True" to none) Exploit attributes ("Exploit framework metasploit" changed from "True" to none) Exploit attributes ("Exploited by malware" changed from "True" to none) Plugin metadata Plugin Feed: 202404211016