From: Robert Buchholz <rbu@gentoo.org.>
To: gentoo-announce@gentoo.org
Subject: [ GLSA 200801-07 ] Adobe Flash Player: Multiple vulnerabilities
Date: Sun, 20 Jan 2008 01:32:39 +0100
User-Agent: KMail/1.9.7
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk,
security-alerts@linuxsecurity.com
MIME-Version: 1.0
Content-Type: multipart/signed;
boundary="nextPart1806832.xoXKzJAals";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200801200132.39923.rbu@gentoo.org.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
--nextPart1806832.xoXKzJAals
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200801-07:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 20, 2008
Updated: January 20, 2008
Bugs: #193519
ID: 200801-07:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been identified, the worst of which allow
arbitrary code execution on a user's system via a malicious Flash file.
Background
==========
The Adobe Flash Player is a renderer for the popular SWF file format,
which is commonly used to provide interactive websites, digital
experiences and mobile content.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/netscape-flash < 9.0.115.0 >= 9.0.115.0
Description
===========
* Flash contains a copy of PCRE which is vulnerable to a heap-based
buffer overflow (GLSA 200711-30, CVE-2007-4768).
* Aaron Portnoy reported an unspecified vulnerability related to
input validation (CVE-2007-6242).
* Jesse Michael and Thomas Biege reported that Flash does not
correctly set memory permissions (CVE-2007-6246).
* Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong
Shao reported that Flash does not pin DNS hostnames to a single IP
addresses, allowing for DNS rebinding attacks (CVE-2007-5275).
* David Neu reported an error withing the implementation of the
Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).
* Toshiharu Sugiyama reported that Flash does not sufficiently
restrict the interpretation and usage of cross-domain policy files,
allowing for easier cross-site scripting attacks (CVE-2007-6243).
* Rich Cannings reported a cross-site scripting vulnerability in the
way the "asfunction:" protocol was handled (CVE-2007-6244).
* Toshiharu Sugiyama discovered that Flash allows remote attackers to
modify HTTP headers for client requests and conduct HTTP Request
Splitting attacks (CVE-2007-6245).
Impact
======
A remote attacker could entice a user to open a specially crafted file
(usually in a web browser), possibly leading to the execution of
arbitrary code with the privileges of the user running the Adobe Flash
Player. The attacker could also cause a user's machine to establish TCP
sessions with arbitrary hosts, bypass the Security Sandbox Model,
obtain sensitive information, port scan arbitrary hosts, or conduct
cross-site-scripting attacks.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/netscape-flash-9.0.115.0"
Please be advised that unaffected packages of the Adobe Flash Player
have known problems when used from within the Konqueror and Opera
browsers.
References
==========
[ 1 ] CVE-2007-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
[ 2 ] CVE-2007-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
[ 3 ] CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
[ 4 ] CVE-2007-6242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242
[ 5 ] CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
[ 6 ] CVE-2007-6244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244
[ 7 ] CVE-2007-6245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245
[ 8 ] CVE-2007-6246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6246
[ 9 ] GLSA 200711-30
http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200801-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--nextPart1806832.xoXKzJAals
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQBHkpanyZx3L/ph1soRAjY9AJ4odCYq9DUWhNE/ANEtR3A2OMLMGACgwywy
4jnzcBNL34IbePBCx/d6rd8=
=3x2f
-----END PGP SIGNATURE-----
--nextPart1806832.xoXKzJAals--
