Vulnerability Bulletins |
Vulnerabilidad CRLF en Adobe Flash Player |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Integridad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software | Adobe Flash Player 9.x, 8.x, 7.x |
Description |
|
|
Se ha descubierto una vulnerabilidad en Adobe Flash Player plugin 9.0.16 para Windows y 7.0.63 para Linux. La vulnerabilidad reside en un error al manejar las cabeceras HTTP. Un atacante remoto podría modificar las cabeceras HTTP solicitadas por un cliente víctima mediante secuencias CRLF en los argumentos de las funciones ActionScript "XML.addRequestHeader()" y "XML.contentType()". |
|
Solution |
|
|
Actualización de software Adobe Adobe Flash Player 9.0.28.0 http://www.adobe.com/support/flashplayer/downloads.html#fp9 Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Apple Mac OS X 10.3.9 Client http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13243&cat=1&platform=osx&method=sa/SecUpd2007-003Pan.dmg Mac OS X 10.3.9 Server http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13244&cat=1&platform=osx&method=sa/SecUpdSrvr2007-003Pan.dmg Mac OS X Server 10.4.9 (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13236&cat=1&platform=osx&method=sa/MacOSXServerUpd10.4.9PPC.dmg Mac OS X 10.4.9 Combo (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13206&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.9PPC.dmg Mac OS X 10.4.9 Combo (Intel) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13207&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.9Intel.dmg Mac OS X 10.4.9 (Intel) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13208&cat=1&platform=osx&method=sa/MacOSXUpd10.4.9Intel.dmg Mac OS X 10.4.9 (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13209&cat=1&platform=osx&method=sa/MacOSXUpd10.4.9PPC.dmg Mac OS X Server 10.4.9 (Universal) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13237&cat=1&platform=osx&method=sa/MacOSXServerUpd10.4.9Univ.dmg Mac OS X Server 10.4.9 Combo (Universal) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13238&cat=1&platform=osx&method=sa/MacOSXSrvrCombo10.4.9Univ.dmg Mac OS X Server 10.4.9 Combo (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13239&cat=1&platform=osx&method=sa/MacOSXSrvrCombo10.4.9PPC.dmg Sun(102932) Solaris 10 / SPARC / patch 125332-01 Solaris 10 / x86 / patch 125333-01 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-5330 |
| BID | |
Other resources |
|
|
Adobe Security Advisories(APSA06-01) http://www.adobe.com/support/security/advisories/apsa06-01.html Adobe Security Advisories (APSB06-18) http://www.adobe.com/support/security/bulletins/apsb06-18.html SUSE Security Advisory (SUSE-SA:2006:077) http://www.novell.com/linux/security/advisories/2006_77_flashplayer.html Apple Security Update 2007-003 (305214) http://docs.info.apple.com/article.html?artnum=305214 Sun Alert Notification (102932) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-10-19 |
| 1.1 | Aviso actualizado por Adobe (APSB06-18) | 2006-11-15 |
| 1.2 | Aviso emitido por Suse (SUSE-SA:2006:077) | 2006-12-15 |
| 1.3 | Aviso emitido por Apple (305214) | 2007-03-16 |
| 1.4 | Aviso emitido por Sun (102932) | 2007-05-31 |