Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities
Date: Sun, 20 Jan 2008 00:38:11
Message-Id: 200801200132.39923.rbu@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200801-07:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: January 20, 2008
   Updated: January 20, 2008
      Bugs: #193519
        ID: 200801-07:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified, the worst of which allow
arbitrary code execution on a user's system via a malicious Flash file.

Background
==========

The Adobe Flash Player is a renderer for the popular SWF file format,
which is commonly used to provide interactive websites, digital
experiences and mobile content.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash     < 9.0.115.0               >= 9.0.115.0

Description
===========

* Flash contains a copy of PCRE which is vulnerable to a heap-based
  buffer overflow (GLSA 200711-30, CVE-2007-4768).

* Aaron Portnoy reported an unspecified vulnerability related to
  input validation (CVE-2007-6242).

* Jesse Michael and Thomas Biege reported that Flash does not
  correctly set memory permissions (CVE-2007-6246).

* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong
  Shao reported that Flash does not pin DNS hostnames to a single IP
  address, allowing for DNS rebinding attacks (CVE-2007-5275).

* David Neu reported an error within the implementation of the
  Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).

* Toshiharu Sugiyama reported that Flash does not sufficiently
  restrict the interpretation and usage of cross-domain policy files,
  allowing for easier cross-site scripting attacks (CVE-2007-6243).

* Rich Cannings reported a cross-site scripting vulnerability in the
  way the "asfunction:" protocol was handled (CVE-2007-6244).

* Toshiharu Sugiyama discovered that Flash allows remote attackers to
  modify HTTP headers for client requests and conduct HTTP Request
  Splitting attacks (CVE-2007-6245).

Impact
======

A remote attacker could entice a user to open a specially crafted file
(usually in a web browser), possibly leading to the execution of
arbitrary code with the privileges of the user running the Adobe Flash
Player. The attacker could also cause a user's machine to establish TCP
sessions with arbitrary hosts, bypass the Security Sandbox Model,
obtain sensitive information, port scan arbitrary hosts, or conduct
cross-site scripting attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/netscape-flash-9.0.115.0"

Please be advised that unaffected packages of the Adobe Flash Player
have known problems when used from within the Konqueror and Opera
browsers.
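The following POSIX shell check is added here as an example; it is not part of the advisory or of Gentoo's own tooling. It compares an installed net-www/netscape-flash version against the 9.0.115.0 threshold from the Affected packages table, so an administrator can confirm after the emerge above that the box is no longer in the vulnerable range. The comparison routine and the helper names (version_lt, flash_affected, installed_flash_version) are this example's own; the lookup assumes the standard Portage package database layout under /var/db/pkg and reports "not installed" when no matching directory exists.

```shell
#!/bin/sh
# Added example, not part of GLSA 200801-07: report whether an installed
# net-www/netscape-flash version is still in the vulnerable range
# (< 9.0.115.0) given in the advisory's "Affected packages" table.

FIXED_VERSION="9.0.115.0"   # unaffected threshold from the advisory

# strip_revision VERSION: drop a Gentoo "-rN" ebuild revision suffix.
# Assumption: callers pass numeric dotted versions with an optional -rN.
strip_revision() {
    printf '%s\n' "${1%-r*}"
}

# version_lt A B: succeed (exit 0) when dotted numeric version A sorts
# before B, comparing component by component; a missing component is 0.
version_lt() {
    a=$(strip_revision "$1")
    b=$(strip_revision "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1   # versions are equal, so A is not lower
}

# flash_affected VERSION: succeed when VERSION is below the fixed release.
flash_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_flash_version: print the installed version(s) recorded in the
# Portage package database (assumption: /var/db/pkg/<category>/<pkg>-<ver>).
# Prints nothing when the package is not installed.
installed_flash_version() {
    for dir in /var/db/pkg/net-www/netscape-flash-*; do
        [ -d "$dir" ] || continue
        printf '%s\n' "${dir##*/netscape-flash-}"
    done
}

# Stand-alone run: check whatever version (if any) is installed locally.
main() {
    ver=$(installed_flash_version)
    if [ -z "$ver" ]; then
        echo "net-www/netscape-flash is not installed"
    elif flash_affected "$ver"; then
        echo "installed $ver is VULNERABLE (< $FIXED_VERSION); upgrade as in the Resolution"
    else
        echo "installed $ver is not affected (>= $FIXED_VERSION)"
    fi
}

main "$@"
```

The check treats only a version at or above 9.0.115.0 as unaffected, matching the table; an ebuild revision such as 9.0.115.0-r1 is compared as 9.0.115.0, since revisions bump packaging, not the upstream release the advisory keys on.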
94
References
==========

[ 1 ] CVE-2007-4324
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
[ 2 ] CVE-2007-4768
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
[ 3 ] CVE-2007-5275
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
[ 4 ] CVE-2007-6242
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242
[ 5 ] CVE-2007-6243
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
[ 6 ] CVE-2007-6244
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244
[ 7 ] CVE-2007-6245
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245
[ 8 ] CVE-2007-6246
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6246
[ 9 ] GLSA 200711-30
      http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200801-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments: signature.asc (application/pgp-signature)