Detections
Analytics

FreeBSD : flash -- multiple vulnerabilities (a63f2c06-726b-11e5-a12b-bcaec565249c)

critical Nessus Plugin ID 86388

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Adobe reports :

These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).

These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).

Solution

Update the affected packages.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb15-25.html

http://www.nessus.org/u?d740ec8d

Plugin Details

Severity: Critical

ID: 86388

File Name: freebsd_pkg_a63f2c06726b11e5a12bbcaec565249c.nasl

Version: 2.7

Type: local

Published: 10/15/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin, p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin, p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/14/2015

Vulnerability Publication Date: 10/13/2015

Reference Information

CVE: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644