Vulnerabilities > CVE-2008-5499 - Code Injection vulnerability in Adobe Flash Player FOR Linux
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Manipulating User-Controlled Variables This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Exploit-Db
| description | Adobe Flash Player ActionScript Launch Command Execution Vulnerability. CVE-2008-5499. Remote exploit for linux platform |
| id | EDB-ID:18761 |
| last seen | 2016-02-02 |
| modified | 2012-04-20 |
| published | 2012-04-20 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/18761/ |
| title | Adobe Flash Player ActionScript Launch Command Execution Vulnerability |
Metasploit
| description | This module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36). |
| id | MSF:EXPLOIT/LINUX/BROWSER/ADOBE_FLASHPLAYER_ASLAUNCH |
| last seen | 2020-05-26 |
| modified | 2017-08-29 |
| published | 2012-04-10 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb |
| title | Adobe Flash Player ActionScript Launch Command Execution Vulnerability |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_0_FLASH-PLAYER-081218.NASL description An unspecified vulnerability in flash-player allowed attackers to take control of the victim last seen 2020-06-01 modified 2020-06-02 plugin id 39961 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39961 title openSUSE Security Update : flash-player (flash-player-378) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update flash-player-378. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(39961); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-5499"); script_name(english:"openSUSE Security Update : flash-player (flash-player-378)"); script_summary(english:"Check for the flash-player-378 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file (CVE-2008-5499)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=458573" ); script_set_attribute( attribute:"solution", value:"Update the affected flash-player package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"flash-player-9.0.152.0-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player"); }NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-5877.NASL description An unspecified vulnerability in flash-player allowed attackers to take control of the victim last seen 2020-06-01 modified 2020-06-02 plugin id 51729 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51729 title SuSE 10 Security Update : flash-player (ZYPP Patch Number 5877) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(51729); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-5499"); script_name(english:"SuSE 10 Security Update : flash-player (ZYPP Patch Number 5877)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file. (CVE-2008-5499)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5499.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5877."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:2, reference:"flash-player-9.0.152.0-0.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_1_FLASH-PLAYER-081218.NASL description An unspecified vulnerability in flash-player allowed attackers to take control of the victim last seen 2020-06-01 modified 2020-06-02 plugin id 40215 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40215 title openSUSE Security Update : flash-player (flash-player-378) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-1047.NASL description An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. A security flaw was found in the way Flash Player displayed certain SWF (Shockwave Flash) content. This may have made it possible to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 40736 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40736 title RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:1047) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200903-23.NASL description The remote host is affected by the vulnerability described in GLSA-200903-23 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard() allows ActionScript programs to execute the method without user interaction (CVE-2008-3873). The access scope of FileReference.browse() and FileReference.download() allows ActionScript programs to execute the methods without user interaction (CVE-2008-4401). The Settings Manager controls can be disguised as normal graphical elements. This so-called last seen 2020-06-01 modified 2020-06-02 plugin id 35904 published 2009-03-11 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35904 title GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-5878.NASL description An unspecified vulnerability in flash-player allowed attackers to take control of the victim last seen 2020-06-01 modified 2020-06-02 plugin id 35246 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35246 title openSUSE 10 Security Update : flash-player (flash-player-5878)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/112009/adobe_flashplayer_aslaunch.rb.txt |
| id | PACKETSTORM:112009 |
| last seen | 2016-12-05 |
| published | 2012-04-20 |
| reporter | 0a29406d9794e4f9b30b3c5d6702c708 |
| source | https://packetstormsecurity.com/files/112009/Adobe-Flash-Player-ActionScript-Launch-Command-Execution.html |
| title | Adobe Flash Player ActionScript Launch Command Execution |
Redhat
| advisories |
| ||||
| rpms |
|
Saint
| bid | 32896 |
| description | Adobe Flash Player ActionScript launch command execution |
| id | misc_flash |
| osvdb | 50796 |
| title | flash_actionscript_launch |
| type | client |
Seebug
bulletinFamily exploit description BUGTRAQ ID: 32896 CVE(CAN) ID: CVE-2008-5499 Flash Player是一款非常流行的FLASH播放器。 Flash Player实现上存在漏洞,如果使用Linux版本的Adobe Flash Player打开了特制的SWF文件的话,就可能导致在用户系统上执行任意代码。 Adobe Flash Player for Linux 9.x Adobe Flash Player for Linux 10.x Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.adobe.com/go/kb406791 target=_blank>http://www.adobe.com/go/kb406791</a> <a href=http://get.adobe.com/flashplayer target=_blank>http://get.adobe.com/flashplayer</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:1047-01)以及相应补丁: RHSA-2008:1047-01:Critical: flash-plugin security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-1047.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-1047.html</a> id SSV:4580 last seen 2017-11-19 modified 2008-12-23 published 2008-12-23 reporter Root title Adobe Flash Player for Linux SWF文件处理代码执行漏洞 bulletinFamily exploit description No description provided by source. id SSV:72802 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-72802 title Adobe Flash Player ActionScript Launch Command Execution Vulnerability bulletinFamily exploit description No description provided by source. id SSV:60075 last seen 2017-11-19 modified 2012-04-20 published 2012-04-20 reporter Root source https://www.seebug.org/vuldb/ssvid-60075 title Adobe Flash Player ActionScript Launch Command Execution
References
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html
- http://osvdb.org/50796
- http://secunia.com/advisories/33221
- http://secunia.com/advisories/33267
- http://secunia.com/advisories/33294
- http://secunia.com/advisories/34226
- http://security.gentoo.org/glsa/glsa-200903-23.xml
- http://www.adobe.com/support/security/bulletins/apsb08-24.html
- http://www.redhat.com/support/errata/RHSA-2008-1047.html
- http://www.securityfocus.com/bid/32896
- http://www.securitytracker.com/id?1021458
- http://www.vupen.com/english/advisories/2008/3449
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47445