Rapid7 Advisory R7-0026
HTTP Header Injection Vulnerabilities in the Flash Player Plugin

Published: Oct 17, 2006
Revision: 1.0
http://www.rapid7.com/advisories/R7-0026.jsp

1. Affected System(s):

KNOWN VULNERABLE:
o Flash Player plugin 9.0.16 (for Windows)
o Flash Player plugin 7.0.63 (for Linux)

PROBABLY VULNERABLE:
o Earlier 9.0.x and 7.0.x versions
o 8.0.x versions

KNOWN FIXED:
o Flash Player plugin BETA version 9.0.18d60 (for Windows)

2. Summary

Two HTTP Header Injection vulnerabilities have been discovered by Rapid7 in the Flash Player plugin. They allow attackers to perform arbitrary HTTP requests while controlling most of the HTTP headers. This can make it easier to perform CSRF attacks [2] in some cases.

When the HTTP server implements Keep-Alive connections and when Firefox is used, these Flash vulnerabilities can even be used to perform totally arbitrary HTTP requests where every part is controlled by the attacker: HTTP method, URI, HTTP version, headers, and data. Such attacks make use of the HTTP Request Splitting method.
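The advisory's root cause is a request serialiser that copies caller-supplied header values onto the wire without rejecting CR/LF, so a value can terminate the current request and start a second one on a keep-alive connection. The following Python is an added illustration written for this page; it is not code from Rapid7, Adobe or Gentoo. It puts a naive serialiser next to one that enforces the RFC 7230 header grammar, and a small counter that shows how many request heads a keep-alive parser would see in the resulting byte stream. All inputs are constructed; the host name example.invalid is a placeholder.

```python
import re
from typing import Mapping

# RFC 7230 grammar: a field name is a token, a field value is visible ASCII,
# SP, HTAB or obs-text. CR, LF and NUL are never permitted, which is exactly
# what header injection and request splitting depend on.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_FIELD_VALUE_RE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


def is_valid_header_name(name: str) -> bool:
    # fullmatch, not match/$: "$" would accept a trailing "\n".
    return _TOKEN_RE.fullmatch(name) is not None


def is_valid_header_value(value: str) -> bool:
    return _FIELD_VALUE_RE.fullmatch(value) is not None


def naive_build_request(method: str, path: str, headers: Mapping[str, str]) -> bytes:
    """Serialiser with no validation (the defect class the advisory describes).
    Whatever is in a value, CR/LF included, lands unchanged on the wire."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def safe_build_request(method: str, path: str, headers: Mapping[str, str]) -> bytes:
    """Same wire format, but refuses any component that breaks the grammar.
    Rejecting (rather than stripping) keeps the failure visible to callers."""
    if not _TOKEN_RE.fullmatch(method):
        raise ValueError(f"invalid method: {method!r}")
    if any(c in path for c in "\r\n \0"):
        raise ValueError("control byte or space in request target")
    for name, value in headers.items():
        if not is_valid_header_name(name):
            raise ValueError(f"invalid header name: {name!r}")
        if not is_valid_header_value(value):
            raise ValueError(f"CR/LF or control byte in header {name!r}")
    return naive_build_request(method, path, headers)


def count_request_heads(raw: bytes) -> int:
    """Number of request heads a keep-alive server would parse from one
    byte stream. A correctly built single request yields exactly 1."""
    return sum(1 for chunk in raw.split(b"\r\n\r\n") if chunk.strip())


if __name__ == "__main__":
    # Constructed inputs: a benign header set and one carrying an embedded
    # blank line followed by a second request line.
    benign = {"Host": "example.invalid", "Accept": "text/html"}
    injected = {"Host": "example.invalid",
                "X-Custom": "x\r\n\r\nGET /second HTTP/1.1"}
    print(count_request_heads(naive_build_request("GET", "/", benign)))    # 1
    print(count_request_heads(naive_build_request("GET", "/", injected)))  # 2
    try:
        safe_build_request("GET", "/", injected)
    except ValueError as exc:
        print("rejected:", exc)
```

The same `is_valid_header_value` check is what a proxy or application server should apply to any header it forwards or reflects; the `count_request_heads` helper is only there to make the consequence of skipping it visible on a single constructed stream.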
*sigh* I f***ing wish somebody would kill this thing once and for all :( Nevertheless, we should just mask < 7.0.68, which has been stabled by the last SecBump, right?
Isn't proprietary software awesome.
Yes. I suggest everybody runs this on closed source nvidia drivers for maximum fun ^^
The vuln might be fixed in the new 9.0.21.55 release, haven't tested it yet, will do so hopefully later on today.
we must find somebody with the permissions to upload a new ebuild into the tree..
net-www/netscape-flash-9.0.21.55

I'm seeing seamonkey segfault when viewing this site with net-www/netscape-flash-9.0.21.55 installed: http://www.icq.com/people/about_me.php?uin=137656739 (This is a random icq user and Not Me! ;-) I'm not sure if it's flash advertisements, or if it's related to this specific bug -- but it's proprietary code related. After emerge -C netscape-flash, bug gone! (I'm guessing this is gcc-4 related.)
Roger: Nothing we can do about it, sorry; if you want to use proprietary software, that's the price you pay... This looks like the correct place to report bugs in the flash player: http://www.adobe.com/bin/fp9betafeedback.cgi
You're right. Bug filed upstream.
still upstream ?
I'm not 100% sure if it's really this vulnerability, but there was a silent update from Adobe, according to heisec: http://www.heise-security.co.uk/news/81268
New upstream released: 7,0,69,0. I'm not really sure whether this fixes this issue or another. Yesterday's release fixed some buffer overflows for windows and mac but not sure about Linux.
Someone checked w/ 9.0.31.0 (i.e. 9.0 final?)
7.0.68 is stable and I requested 9.0.31.0 stable in bug 167483. security: is there any special reason to keep this open any more as this is getting quite old.
(In reply to comment #13)
> 7.0.68 is stable and I requested 9.0.31.0 stable in bug 167483. security: is
> there any special reason to keep this open any more as this is getting quite
> old.

Right, sorry, closing with noglsa due to late. Feel free to reopen if you disagree, notably if you want to call for a vote.