GLSA 200903-23: Adobe Flash Player: Multiple vulnerabilities

Опасность:	средняя
Заголовок:	Adobe Flash Player: Multiple vulnerabilities
Дата:	10.03.2009
Ошибки:	#239543, #251496, #260264
ID:	200903-23

Сводка

Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file.

Назначение

The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

Уязвимые пакеты

Пакет	Уязвимый	Нетронутый	Архитектура(ы)
www-plugins/adobe-flash	< 10.0.22.87	>= 10.0.22.87	All supported architectures

Описание

Multiple vulnerabilities have been discovered in Adobe Flash Player:

• The access scope of SystemsetClipboard() allows ActionScript programs to execute the method without user interaction (CVE-2008-3873).
• The access scope of FileReference.browse() and FileReference.download() allows ActionScript programs to execute the methods without user interaction (CVE-2008-4401).
• The Settings Manager controls can be disguised as normal graphical elements. This so-called "clickjacking" vulnerability was disclosed by Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin (CVE-2008-4503).
• Adan Barth (UC Berkely) and Collin Jackson (Stanford University) discovered a flaw occurring when interpreting HTTP response headers (CVE-2008-4818).
• Nathan McFeters and Rob Carter of Ernst and Young's Advanced Security Center are credited for finding an unspecified vulnerability facilitating DNS rebinding attacks (CVE-2008-4819).
• When used in a Mozilla browser, Adobe Flash Player does not properly interpret jar: URLs, according to a report by Gregory Fleischer of pseudo-flaw.net (CVE-2008-4821).
• Alex "kuza55" K. reported that Adobe Flash Player does not properly interpret policy files (CVE-2008-4822).
• The vendor credits Stefano Di Paola of Minded Security for reporting that an ActionScript attribute is not interpreted properly (CVE-2008-4823).
• Riley Hassell and Josh Zelonis of iSEC Partners reported multiple input validation errors (CVE-2008-4824).
• The aforementioned researchers also reported that ActionScript 2 does not verify a member element's size when performing several known and other unspecified actions, that DefineConstantPool accepts an untrusted input value for a "constant count" and that character elements are not validated when retrieved from a data structure, possibly resulting in a null-pointer dereference (CVE-2008-5361, CVE-2008-5362, CVE-2008-5363).
• The vendor reported an unspecified arbitrary code execution vulnerability (CVE-2008-5499).
• Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the Settings Manager related to "clickjacking" (CVE-2009-0114).
• The vendor credits Roee Hay from IBM Rational Application Security for reporting an input validation error when processing SWF files (CVE-2009-0519).
• Javier Vicente Vallejo reported via the iDefense VCP that Adobe Flash does not remove object references properly, leading to a freed memory dereference (CVE-2009-0520).
• Josh Bressers of Red Hat and Tavis Ormandy of the Google Security Team reported an untrusted search path vulnerability (CVE-2009-0521).

Воздействие

A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the "non-root domain policy" of Flash, and gain escalated privileges.

Обход

There is no known workaround at this time.

Решение

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.22.87"

Ссылки

• CVE-2008-3873
• CVE-2008-4401
• CVE-2008-4503
• CVE-2008-4818
• CVE-2008-4819
• CVE-2008-4821
• CVE-2008-4822
• CVE-2008-4823
• CVE-2008-4824
• CVE-2008-5361
• CVE-2008-5362
• CVE-2008-5363
• CVE-2008-5499
• CVE-2009-0114
• CVE-2009-0519
• CVE-2009-0520
• CVE-2009-0521

Наличие

Этот GLSA и любые обновления для нее доступны для просмотра на сайте Gentoo Security: http://security.gentoo.org/glsa/glsa-200903-23.xml

Опасения?

Безопасность является одной из главных задач Gentoo Linux и первостепенное значение обеспечить конфиденциальность и безопасность машин наших пользователей. Любые соображения безопасности должны быть адресованы security@gentoo.org или в качестве альтернативы, вы можете сообщить об ошибке на https://bugs.gentoo.org.

Лицензия

Copyright 2010 Gentoo Foundation, Inc; текст ссылки принадлежит его владельцу(ам). Содержание этого документа распространяется на условиях лицензии Creative Commons - Attribution / Share Alike.