Detections
Analytics

SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)

critical Nessus Plugin ID 79308

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

flash-player was updated to version 11.2.202.418 to fix 18 security issues :

 - Memory corruption vulnerabilities that could lead to code execution. (CVE-2014-0576 / CVE-2014-0581 / CVE-2014-8440 / CVE-2014-8441)

 - Use-after-free vulnerabilities that could lead to code execution. (CVE-2014-0573 / CVE-2014-0588 / CVE-2014-8438)

 - A double free vulnerability that could lead to code execution. (CVE-2014-0574)

 - Type confusion vulnerabilities that could lead to code execution. (CVE-2014-0577 / CVE-2014-0584 / CVE-2014-0585 / CVE-2014-0586 / CVE-2014-0590)

 - Heap buffer overflow vulnerabilities that could lead to code execution. (CVE-2014-0582 / CVE-2014-0589)

 - An information disclosure vulnerability that could be exploited to disclose session tokens. (CVE-2014-8437)

 - A heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level. (CVE-2014-0583)

 - A permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442). Further information can be found at http://helpx.adobe.com/security/products/flash-player/ap sb14-24.html .

Solution

Apply SAT patch number 9958.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=905032

http://support.novell.com/security/cve/CVE-2014-0573.html

http://support.novell.com/security/cve/CVE-2014-0574.html

http://support.novell.com/security/cve/CVE-2014-0576.html

http://support.novell.com/security/cve/CVE-2014-0577.html

http://support.novell.com/security/cve/CVE-2014-0581.html

http://support.novell.com/security/cve/CVE-2014-0582.html

http://support.novell.com/security/cve/CVE-2014-0583.html

http://support.novell.com/security/cve/CVE-2014-0584.html

http://support.novell.com/security/cve/CVE-2014-0585.html

http://support.novell.com/security/cve/CVE-2014-0586.html

http://support.novell.com/security/cve/CVE-2014-0588.html

http://support.novell.com/security/cve/CVE-2014-0589.html

http://support.novell.com/security/cve/CVE-2014-0590.html

http://support.novell.com/security/cve/CVE-2014-8437.html

http://support.novell.com/security/cve/CVE-2014-8438.html

http://support.novell.com/security/cve/CVE-2014-8440.html

http://support.novell.com/security/cve/CVE-2014-8441.html

http://support.novell.com/security/cve/CVE-2014-8442.html

Plugin Details

Severity: Critical

ID: 79308

File Name: suse_11_flash-player-141114.nasl

Version: 1.7

Type: local

Agent: unix

Published: 11/18/2014

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:flash-player, p-cpe:/a:novell:suse_linux:11:flash-player-gnome, p-cpe:/a:novell:suse_linux:11:flash-player-kde4, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/14/2014

Exploitable With

Metasploit (Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory)

Reference Information

CVE: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442