|
Note: This is an archival copy of Security Sun Alert 254909 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020254.1. |
Category Security Release Phase Resolved 6811035, 6764865 Product Solaris 10 Operating System OpenSolaris Date of Workaround Release 16-Mar-2009 Date of Resolved Release 06-Apr-2009 Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris 10 (Adobe Security Bulletin APSB09-01) 1. Impact Multiple security vulnerabilities in Adobe Flash Player distributed with Solaris may allow a remote unprivileged user to execute arbitrary commands with the privileges of a local user on the system, or cause the web browser to crash if a malicious Shockwave Flash (SWF) file is loaded with the affected plugin. Being able to crash a web browser is a type of Denial of Service (DoS). In addition, a 'clickjacking' vulnerability in the Adobe Flash Player Settings Manager may allow a remote user to obtain sensitive information or execute arbitrary code on the system if a local user clicks on misleading Adobe Flash Player dialogues. These issues are described in the following documents: Adobe Security Bulletin ABSP09-01 at http://www.adobe.com/support/security/bulletins/apsb09-01.html
CVE-2009-0519 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519 CVE-2009-0520 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520 CVE-2009-0114 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0114 2. Contributing Factors These issues can occur in the following releases: SPARC Platform
1. These issues can occur in Adobe Flash Player version 9.0 r151 and earlier for Solaris 10. 2. Solaris 8 and Solaris 9 are not affected by these issues. OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows: $ uname -aThe Adobe Flash Player shipped with Solaris is a web browser plugin, meaning that the web browser should be used to determine the version of the Flash Player in use. For example, when using the Mozilla Browser, visit the following URL: about:plugins
and search for the Flash Player in the list of plugins. 3. Symptoms There are no predictable symptoms that would indicate the described issues have been exploited. 4. Workaround To avoid these issues until patches become available, Adobe Flash Player can be removed from the system by using the pkgrm(1) utility to remove the SUNW-flash-player-plugin package. 5. Resolution These issues are addressed in the following releases: SPARC Platform
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Modification History 06-Apr-2009: Updated Contributing Factors and Resolution sections; issue Resolved References125332-05125333-05 Attachments This solution has no attachment | |||||||||||||||
|
|