Several security vulnerabilities have been discovered in the Adobe Flash Player software package. They can be exploited remotely to carry out DoS attacks, execute arbitrary code, or disclose sensitive information.
One of the vulnerabilities is an XSS flaw caused by insufficient validation of input values. Most of the remaining vulnerabilities are buffer overflows or integer overflows.
Impact:
All of the vulnerabilities can be exploited remotely, and most of them result in a DoS attack and arbitrary code execution. The remaining vulnerabilities can be exploited to inject HTML and script code and to disclose sensitive data.
Solution:
All users are advised to apply the available software update.
Secunia Advisory SA46682
Oracle Solaris Adobe Flash Player Multiple Vulnerabilities
Release Date 2011-11-02
Criticality level Highly critical
Impact Cross Site Scripting
Exposure of sensitive information
System access
Where From remote
Solution Status Vendor Patch
Operating System
Oracle Solaris 11 Express
Sun Solaris 10.x
CVE Reference(s) CVE-2011-2107
CVE-2011-2110
CVE-2011-2130
CVE-2011-2134
CVE-2011-2135
CVE-2011-2136
CVE-2011-2137
CVE-2011-2138
CVE-2011-2139
CVE-2011-2140
CVE-2011-2414
CVE-2011-2415
CVE-2011-2416
CVE-2011-2417
CVE-2011-2425
Description
Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.
For more information:
SA45583
SA44846
SA44964
Solution
Apply patches.
Original Advisory
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer1
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer2