[Openvas-commits] r9427 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Nov 17 13:06:05 CET 2010
Author: reinke
Date: 2010-11-17 13:06:02 +0100 (Wed, 17 Nov 2010)
New Revision: 9427
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/freebsd_firefox52.nasl
trunk/openvas-plugins/scripts/freebsd_linux-flashplugin11.nasl
Log:
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2010-11-17 11:54:52 UTC (rev 9426)
+++ trunk/openvas-plugins/ChangeLog 2010-11-17 12:06:02 UTC (rev 9427)
@@ -1,3 +1,9 @@
+2010-11-17 Thomas Reinke <reinke at securityspace.com>
+
+ * scripts/freebsd_firefox52.nasl,
+ scripts/freebsd_linux-flashplugin11.nasl:
+ Shortened description
+
2010-11-17 Michael Meyer <michael.meyer at greenbone.net>
* scripts/gb_perl_cgi_44892.nasl:
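Review bot: The new ChangeLog entry at the top of this hunk says only "Shortened description", and the commit's Log: field is empty, so neither records what was dropped or why. Suggest stating that the per-CVE summaries in both scripts were replaced with a pointer to the referenced advisories, so a later reader of the ChangeLog can tell that vulnerability detail was removed rather than reworded.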
Modified: trunk/openvas-plugins/scripts/freebsd_firefox52.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_firefox52.nasl 2010-11-17 11:54:52 UTC (rev 9426)
+++ trunk/openvas-plugins/scripts/freebsd_firefox52.nasl 2010-11-17 12:06:02 UTC (rev 9427)
@@ -46,98 +46,9 @@
seamonkey
thunderbird
-CVE-2010-3170
-Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
-before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
-recognize a wildcard IP address in the subject's Common Name field of
-an X.509 certificate, which might allow man-in-the-middle attackers to
-spoof arbitrary SSL servers via a crafted certificate issued by a
-legitimate Certification Authority.
+For details on the issues addressed, please visit the referenced
+security advisories.
-CVE-2010-3173
-The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
-before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
-SeaMonkey before 2.0.9 does not properly set the minimum key length
-for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
-remote attackers to defeat cryptographic protection mechanisms via a
-brute-force attack.
-
-CVE-2010-3174
-Unspecified vulnerability in the browser engine in Mozilla Firefox
-3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
-2.0.9 allows remote attackers to cause a denial of service (memory
-corruption and application crash) or possibly execute arbitrary code
-via unknown vectors.
-
-CVE-2010-3175
-Multiple unspecified vulnerabilities in the browser engine in Mozilla
-Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow
-remote attackers to cause a denial of service (memory corruption and
-application crash) or possibly execute arbitrary code via unknown
-vectors.
-
-CVE-2010-3176
-Multiple unspecified vulnerabilities in the browser engine in Mozilla
-Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
-before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow
-remote attackers to cause a denial of service (memory corruption and
-application crash) or possibly execute arbitrary code via unknown
-vectors.
-
-CVE-2010-3177
-Multiple cross-site scripting (XSS) vulnerabilities in the Gopher
-parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and
-SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web
-script or HTML via a crafted name of a (1) file or (2) directory on a
-Gopher server.
-
-CVE-2010-3178
-Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
-before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not
-properly handle certain modal calls made by javascript: URLs in
-circumstances related to opening a new window and performing
-cross-domain navigation, which allows remote attackers to bypass the
-Same Origin Policy via a crafted HTML document.
-
-CVE-2010-3179
-Stack-based buffer overflow in the text-rendering functionality in
-Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
-before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
-remote attackers to execute arbitrary code or cause a denial of
-service (memory corruption and application crash) via a long argument
-to the document.write method.
-
-CVE-2010-3180
-Use-after-free vulnerability in the nsBarProp function in Mozilla
-Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
-3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
-attackers to execute arbitrary code by accessing the locationbar
-property of a closed window.
-
-CVE-2010-3181
-Untrusted search path vulnerability in Mozilla Firefox before 3.5.14
-and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
-3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to
-gain privileges via a Trojan horse DLL in the current working
-directory.
-
-CVE-2010-3182
-A certain application-launch script in Mozilla Firefox before 3.5.14
-and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
-3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
-directory name in the LD_LIBRARY_PATH, which allows local users to
-gain privileges via a Trojan horse shared library in the current
-working directory.
-
-CVE-2010-3183
-The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and
-3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5,
-and SeaMonkey before 2.0.9 does not properly support
-window.__lookupGetter__ function calls that lack arguments, which
-allows remote attackers to execute arbitrary code or cause a denial of
-service (incorrect pointer dereference and application crash) via a
-crafted HTML document.
-
Solution:
Update your system with the appropriate patches or
software upgrades.
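Review bot: With the twelve per-CVE paragraphs removed (CVE-2010-3170 and CVE-2010-3173 through CVE-2010-3183), the description lines shown here no longer contain any CVE identifier, and the replacement sentence "please visit the referenced security advisories" only works if the script's reference metadata still carries them. That part is outside this hunk and is worth confirming. The removed text was also the only place in these lines that told a report reader the impact (arbitrary code execution, Same Origin Policy bypass, SSL server spoofing); consider keeping a one-line summary of the worst-case impact next to the pointer so scan results can still be triaged without following links.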
Modified: trunk/openvas-plugins/scripts/freebsd_linux-flashplugin11.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_linux-flashplugin11.nasl 2010-11-17 11:54:52 UTC (rev 9426)
+++ trunk/openvas-plugins/scripts/freebsd_linux-flashplugin11.nasl 2010-11-17 12:06:02 UTC (rev 9427)
@@ -43,159 +43,9 @@
linux-f8-flashplugin
linux-f10-flashplugin
-CVE-2010-3636
-Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on
-Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does
-not properly handle unspecified encodings during the parsing of a
-cross-domain policy file, which allows remote web servers to bypass
-intended access restrictions via unknown vectors.
+For details on the issues addressed, please visit the referenced
+security advisories.
-CVE-2010-3637
-An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0
-and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote
-attackers to execute arbitrary code or cause a denial of service
-(memory corruption) via a crafted FLV video.
-
-CVE-2010-3638
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows
-attackers to obtain sensitive information via unknown vectors.
-
-CVE-2010-3639
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to cause a denial of service or
-possibly execute arbitrary code via unknown vectors.
-
-CVE-2010-3640
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3641, CVE-2010-3642,
-CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3641
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3642,
-CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3642
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3643
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3644
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3645
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3646
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645,
-CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3647
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645,
-CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3648
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645,
-CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3649
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645,
-CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and
-CVE-2010-3652.
-
-CVE-2010-3650
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645,
-CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and
-CVE-2010-3652.
-
-CVE-2010-3652
-Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and
-10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and
-10.1.95.1 on Android, allows attackers to execute arbitrary code or
-cause a denial of service (memory corruption) via unknown vectors, a
-different vulnerability than CVE-2010-3640, CVE-2010-3641,
-CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645,
-CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and
-CVE-2010-3650.
-
-CVE-2010-3654
-Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on
-Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and
-authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe
-Reader and Acrobat 9.x through 9.4, allows remote attackers to execute
-arbitrary code or cause a denial of service (memory corruption and
-application crash) via crafted SWF content, as exploited in the wild
-in October 2010.
-
Solution:
Update your system with the appropriate patches or
software upgrades.
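Review bot: The removed CVE-2010-3654 paragraph near the end of this hunk carried the note "as exploited in the wild in October 2010", and the generic replacement sentence drops it, so the description no longer signals that this update addresses an actively exploited issue. Most of the other removed paragraphs (CVE-2010-3640 through CVE-2010-3652) are near-identical "unspecified vulnerability" text, so shortening them is reasonable, but suggest keeping one line that names CVE-2010-3654 and its in-the-wild exploitation so the finding keeps its prioritization value. As with the Firefox script, confirm that the CVE identifiers remain in the script's reference metadata, since none are left in the description lines shown.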