Author Topic: [sec] flashplugin before version 11.2.202.481-1 is vulnerable to remote code exe  (Read 1869 times)

0 Members and 1 Guest are viewing this topic.

Offline philm

  • Core Team
  • *****
  • Posts: 10671
    • Manjaro Linux
  • Branch: Unstable
  • Desktop: XFCE
  • GPU Card: Geforce GTX 650
  • GPU driver: non-free
  • Kernel: Maintainer - so all ;)
  • Skill: Guru
Arch Linux Security Advisory ASA-201507-7
=========================================

Severity: Critical
Date    : 2015-07-08
CVE-ID  : CVE-2015-5119
Package : flashplugin
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.481-1 is vulnerable to
remote code execution.

Resolution
==========

Upgrade to 11.2.202.481-1.

# pacman -Syu "flashplugin>=11.2.202.481-1"

The problem has been fixed upstream in version 11.2.202.481.

Workaround
==========

None.

Description
===========

A critical vulnerability (use-after-free in the AS3 ByteArray class) has
been identified in Adobe Flash Player 18.0.0.194 and earlier versions
for Windows, Macintosh and Linux. Successful exploitation could cause a
crash and potentially allow an attacker to take control of the affected
system.

Adobe is aware of reports that an exploit targeting this vulnerability
has been published publicly.

Impact
======

A remote attacker can execute arbitrary code on the affected host using
a crafted flash application.

References
==========

https://access.redhat.com/security/cve/CVE-2015-5119
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
https://www.kb.cert.org/vuls/id/561288
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

Offline SMed79

  • Neuling
  • *
  • Posts: 16
    • Liste Arabe adblock
  • Branch: Stable
  • Desktop: XFCE
  • GPU Card: Radeon HD 5450
  • GPU driver: Free
  • Kernel: i686 Linux 4.1.10-1-MANJARO
  • Skill: Novice
Hi,
flashplugin 11.2.202.481 or 11.2.202.481-1 i still get the message "Adobe Plash is vulnerable ..."



http://www.manjaro.fr/forum/viewtopic.php?f=23&t=2484&p=72704#p72632
Manjaro 15.09 XFCE / i686 Linux 4.1.10-1
--
Liste AR Adblock & Liste FR author, an ad-blocking subscription for Arabic and French web sites > Forum.

Offline mips

  • Held Mitglied
  • *****
  • Posts: 2892
  • Valkyrja
  • Branch: Testing
  • Desktop: XFCE
  • GPU Card: GTX 960
  • GPU driver: video-nvidia
  • Kernel: 3.16
  • Skill: Intermediate

Offline jonathon

  • Core Team
  • *****
  • Posts: 2104
  • Technologist - Teacher - Tea drinker
  • Branch: Unstable
  • Desktop: MATE 1.14
  • GPU Card: Nvidia GTX680M
  • GPU driver: Bumblebee nvidia+intel
  • Kernel: 4.6.0-*-MANJARO x86_64
  • Skill: Advanced
Hi,
flashplugin 11.2.202.481 or 11.2.202.481-1 i still get the message "Adobe Plash is vulnerable ..."

Exit Firefox, then delete 'pluginreg.dat' from your Firefox profile directory. When you next load Firefox it will re-detect the newer version.
--
MSI GT70: Core i7-3630QM, 16GB, Nvidia GTX680M, Intel 2230, Manjaro-MATE-amd64-EFI
Lenovo X230: Core i5-3320M, 4GB, Intel HD4000, Intel 6205, Manjaro-MATE-amd64
Dell Studio 1749: Core i5 540, 8GB, ATi HD5650, Intel WLAN, Manjaro-Xfce-amd64
Let's go in the garden; you'll find something waiting.

Offline SMed79

  • Neuling
  • *
  • Posts: 16
    • Liste Arabe adblock
  • Branch: Stable
  • Desktop: XFCE
  • GPU Card: Radeon HD 5450
  • GPU driver: Free
  • Kernel: i686 Linux 4.1.10-1-MANJARO
  • Skill: Novice
Exit Firefox, then delete 'pluginreg.dat' from your Firefox profile directory. When you next load Firefox it will re-detect the newer version.
No change for me after deleting 'pluginreg.dat'

Manjaro 15.09 XFCE / i686 Linux 4.1.10-1
--
Liste AR Adblock & Liste FR author, an ad-blocking subscription for Arabic and French web sites > Forum.