Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 248586 Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris
Informations
Name SUN-248586 First vendor Publication 2009-01-06
Vendor Sun Last vendor Modification 2009-01-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

Multiple security vulnerabilities in the Flash Player plugin distributed with Solaris may allow a remote unprivileged user the ability to execute arbitrary code with the privileges of a local user on the system while loading a malicious SWF file with the affected plugin.  In addition, the Flash Player plugin may allow a remote user to bypass the Security Sandbox Model, modify the clipboard with a URL, allow cross-site scripting attacks, inject arbitrary web script or HTML, obtain sensitive data, conduct DNS rebinding and hijack the camera or microphone while loading a malicious SWF file with the affected plugin.

Additional information regarding these issues are available at:
State: Resolved
First released: 06-Jan-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_248586_multiple_security

CWE : Common Weakness Enumeration

% Id Name
31 % CWE-264 Permissions, Privileges, and Access Controls
23 % CWE-399 Resource Management Errors
15 % CWE-200 Information Exposure
15 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
15 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10987
 
Oval ID: oval:org.mitre.oval:def:10987
Title: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1349
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11069
 
Oval ID: oval:org.mitre.oval:def:11069
Title: Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Description: Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6243
Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11874
 
Oval ID: oval:org.mitre.oval:def:11874
Title: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Description: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4324
Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21702
 
Oval ID: oval:org.mitre.oval:def:21702
Title: ELSA-2007:0395: mod_perl security update (Low)
Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family: unix Class: patch
Reference(s): ELSA-2007:0395-02
CVE-2007-1349
Version: 6
Platform(s): Oracle Linux 5
Product(s): mod_perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22730
 
Oval ID: oval:org.mitre.oval:def:22730
Title: ELSA-2008:0945: flash-plugin security update (Critical)
Description: The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
Family: unix Class: patch
Reference(s): ELSA-2008:0945-02
CVE-2007-4324
CVE-2007-6243
CVE-2008-3873
CVE-2008-4401
CVE-2008-4503
CVE-2008-4818
CVE-2008-4819
CVE-2008-4821
CVE-2008-4822
CVE-2008-4823
CVE-2008-4824
CVE-2008-5361
CVE-2008-5362
CVE-2008-5363
Version: 61
Platform(s): Oracle Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24854
 
Oval ID: oval:org.mitre.oval:def:24854
Title: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not
Description: ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.
Family: windows Class: vulnerability
Reference(s): CVE-2007-4324
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24909
 
Oval ID: oval:org.mitre.oval:def:24909
Title: Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Description: Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2007-6243
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Adobe Flash Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8349
 
Oval ID: oval:org.mitre.oval:def:8349
Title: Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1349
Version: 2
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Application 89
Application 1
Application 1
Application 4

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003
File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for mod_perl
File : nvt/sles9p5019089.nasl
2009-04-24 Name : Mod_Perl Path_Info Remote Denial Of Service Vulnerability
File : nvt/modperl_cve_2007_1349.nasl
2009-04-09 Name : Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
File : nvt/gb_mandriva_MDKSA_2007_083.nasl
2009-03-23 Name : Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
File : nvt/gb_ubuntu_USN_488_1.nasl
2009-03-13 Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash)
File : nvt/glsa_200903_23.nasl
2009-02-27 Name : Fedora Update for mod_perl FEDORA-2007-0316
File : nvt/gb_fedora_2007_0316_mod_perl_fc7.nasl
2009-02-27 Name : Fedora Update for mod_perl FEDORA-2007-576
File : nvt/gb_fedora_2007_576_mod_perl_fc5.nasl
2009-02-27 Name : Fedora Update for mod_perl FEDORA-2007-577
File : nvt/gb_fedora_2007_577_mod_perl_fc6.nasl
2009-01-28 Name : SuSE Update for flash-player SUSE-SA:2007:069
File : nvt/gb_suse_2007_069.nasl
2009-01-23 Name : SuSE Update for flash-player SUSE-SA:2008:022
File : nvt/gb_suse_2008_022.nasl
2008-11-12 Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl
2008-11-12 Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win)
File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl
2008-11-01 Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin4.nasl
2008-10-16 Name : Adobe Flash Player Multiple Security Bypass Vulnerabilities (Win)
File : nvt/gb_adobe_flash_player_sec_bypass_vuln_win.nasl
2008-10-16 Name : Adobe Flash Player Multiple Security Bypass Vulnerabilities (Linux)
File : nvt/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-04 (mod_perl)
File : nvt/glsa_200705_04.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200801-07 (netscape-flash)
File : nvt/glsa_200801_07.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-21 (netscape-flash)
File : nvt/glsa_200804_21.nasl
2008-09-04 Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin2.nasl
2008-09-04 Name : FreeBSD Ports: mod_perl
File : nvt/freebsd_mod_perl.nasl
2008-09-03 Name : Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
File : nvt/flash_player_CB-A08-0059.nasl
2008-09-03 Name : Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)
File : nvt/smbcl_flash_player_CB-A08-0059.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53097 Adobe Multiple Product ActionScript 2 VM Dictionary Data Structure Character ...

52917 Adobe Flash Player ActionScript 2 VM DefineConstantPool Action Crafted PDF Fi...

51567 Adobe Flash Cross-domain Policy Canonicalization Weakness

51491 Adobe Flash Player ActionScript 2 VM Crafted PDF File Handling Multiple Actio...

50127 Adobe Flash Player Actionscript FileReference download API FileReference.down...

50126 Adobe Flash Player Actionscript FileReference upload API FileReference.browse...

49958 Adobe Flash Player Multiple Unspecified Arbitrary Remote Code Execution

49790 Adobe Flash Player ActionScript Attribute Interpretation Unspecified XSS

49785 Adobe Flash Player Policy File Interpretation Remote Non-root Domain Policy B...

49783 Adobe Flash Player on Mozilla jar: URL Unspecified Information Disclosure

49781 Adobe Flash Player on Windows ActiveX Unspecified Information Disclosure

49780 Adobe Flash Player Unspecified Remote DNS Rebinding Weakness

49753 Adobe Flash Player HTTP Response Header XSS

48944 Adobe Flash Player Access Control Dialog Remote Security Bypass (ClickJacking)

48049 Adobe Flash Player System.setClipboard Method Remote Clipboard Hijack

41487 Adobe Flash Player Cross-domain Policy Unspecified Weakness

41475 Adobe Flash Player ActionScript 3 (AS3) Crafted SWF Arbitrary Host Portscan

34541 mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remot...

The mod_perl module for Apache HTTP Server contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the RegistryCooker.pm script not properly escaping the PATH_INFO variable before use in a regular expression. With specially crafted requests, an attacker can exhaust resources and cause the server to stop responding.
34540 mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS

The mod_perl module for Apache HTTP Server contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the PerlRun.pm script not properly escaping the PATH_INFO variable before use in a regular expression. With specially crafted requests, an attacker can exhaust resources and cause the server to stop responding.

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0627.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070614_mod_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11496.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0221.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-1126.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_flash-player-081107.nasl - Type : ACT_GATHER_INFO
2009-03-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO
2008-12-16 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-008.nasl - Type : ACT_GATHER_INFO
2008-12-16 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_6.nasl - Type : ACT_GATHER_INFO
2008-11-18 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : adobe_air_apsb08-23.nasl - Type : ACT_GATHER_INFO
2008-11-12 Name : The remote openSUSE host is missing a security update.
File : suse_flash-player-5747.nasl - Type : ACT_GATHER_INFO
2008-11-12 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-5757.nasl - Type : ACT_GATHER_INFO
2008-11-11 Name : The remote Windows host contains a browser plugin that is affected by multipl...
File : flash_player_apsb08-20.nasl - Type : ACT_GATHER_INFO
2008-10-20 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_78f456fd9c8711dda55e00163e000016.nasl - Type : ACT_GATHER_INFO
2008-04-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-21.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-5159.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote openSUSE host is missing a security update.
File : suse_flash-player-5161.nasl - Type : ACT_GATHER_INFO
2008-04-10 Name : The remote Windows host contains a browser plugin that is affected by multipl...
File : flash_player_apsb08-11.nasl - Type : ACT_GATHER_INFO
2008-01-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200801-07.nasl - Type : ACT_GATHER_INFO
2008-01-04 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_562cf6c4b9f111dca302000102cc8983.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote openSUSE host is missing a security update.
File : suse_flash-player-4855.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-4856.nasl - Type : ACT_GATHER_INFO
2007-12-19 Name : The remote Windows host contains a browser plugin that is affected by multipl...
File : flash_player_apsb07-20.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-488-1.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-0316.nasl - Type : ACT_GATHER_INFO
2007-06-18 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0486.nasl - Type : ACT_GATHER_INFO
2007-06-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2007-06-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2007-06-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-577.nasl - Type : ACT_GATHER_INFO
2007-06-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-576.nasl - Type : ACT_GATHER_INFO
2007-05-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-04.nasl - Type : ACT_GATHER_INFO
2007-04-30 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ef2ffb03f2b011dbad250010b5a0a860.nasl - Type : ACT_GATHER_INFO
2007-04-12 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-083.nasl - Type : ACT_GATHER_INFO
2006-07-18 Name : The remote host is missing Sun Security Patch number 122911-37
File : solaris10_122911.nasl - Type : ACT_GATHER_INFO
2006-07-18 Name : The remote host is missing Sun Security Patch number 122912-37
File : solaris10_x86_122912.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote host is missing Sun Security Patch number 116973-07
File : solaris8_116973.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote host is missing Sun Security Patch number 116974-07
File : solaris8_x86_116974.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 113146-13
File : solaris9_113146.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 114145-12
File : solaris9_x86_114145.nasl - Type : ACT_GATHER_INFO