CRLF injection vulnerability in Adobe Flash Player plugin

Bug #68429 reported by Kees Cook on 2006-10-26
Affects Status Importance Assigned to Milestone
flashplugin-nonfree (Ubuntu)
Medium
Daniel T Chen

Bug Description

Versions 7.0.63 and earlier are known to be vulnerable. Additionally, it seems likely, based on time frame, that this vulnerability isn't fixed in Adobe's current 7.0.68 release either.

CVE References

Kees Cook (kees) wrote :

I can confirm that 7.0.68 is vulnerable.

Bart Martens (bartm) wrote :

CVE 2006-5330 mentions that 7.0.63 and earlier are known to be vulnerable. I don't find any official statement that 7.0.68 would have this vulnerability. Has anyone more info?

Changed in flashplugin-nonfree:
status: Unconfirmed → Needs Info

Kees Cook (kees) wrote :

I used a proof-of-concept SWF to verify that the CRLF injection vulnerability still exists in 7.0.68. There's no statement about it because they appear to only be fixing the "latest" release, which is the 9.x series. :(

Changed in flashplugin-nonfree:
status: Needs Info → Unconfirmed

Bart Martens (bartm) wrote :

Kees, where's that "proof-of-concept SWF" so that anyone can verify that 7.0.68 would have this vulnerability?

Changed in flashplugin-nonfree:
status: Unconfirmed → Needs Info

Kees Cook (kees) wrote :

Unfortunately, the PoC isn't public. I will try to get another that is.

Martin Pitt (pitti) on 2006-10-30
Changed in flashplugin-nonfree:
assignee: nobody → keescook

Kees Cook (kees) on 2006-11-22
Changed in flashplugin-nonfree:
assignee: keescook → nobody

Timo Aaltonen (tjaalton) wrote :

9.0.x is now in dapper/edgy-backports.

Daniel T Chen (crimsun) wrote :

Format: 1.7
Date: Sat, 20 Jan 2007 21:22:16 +0000
Source: flashplugin-nonfree
Binary: flashplugin-nonfree
Architecture: source
Version: 9.0.31.0.1ubuntu1
Distribution: feisty
Urgency: low
Maintainer: Bart Martens <email address hidden>
Changed-By: Daniel T Chen <email address hidden>
Description:
 flashplugin-nonfree - Adobe Flash Player plugin installer
Closes: 405326 405567 405933 407243
Changes:
 flashplugin-nonfree (9.0.31.0.1ubuntu1) feisty; urgency=low
 .
   * Merge from Debian unstable, remaining changes:
     - debian/{config,dirs,links,postinst}:
       + Don't use /usr/lib/flashplugin-nonfree* (use
         /var/cache/flashplugin-nonfree* instead)
         (Closes Ubuntu: #80545),
     - debian/control: Don't Recommend xfs (Suggest it instead),
     - debian/prerm:
       + Also remove /var/cache/flashplugin-nonfree* ,
       + Migrate old initscript clobbering from postinst to here.
   * Rebase packaging on 9.0.31.0.1 and readd Ubuntu delta.
   * Closes Ubuntu: #68429, #73295 in a previous Debian upload.
 .
 flashplugin-nonfree (9.0.31.0.1) unstable; urgency=low
 .
   * debian/config, debian/links, debian/postinst, debian/prerm: New plugin
     release 9,0,31,0. Closes: #407243.
   * debian/control: Updated "Depends:" with "ldd libflashplayer.so".
   * debian/po/lt.po: Replaced. Closes: #405326. Thanks to Gintautas
     Miliauskas <email address hidden>.
   * debian/control: Suggests konqueror-nsplugins. Closes: #405933.
   * debian/links: Removed symbolic link "/etc/X11/fs /usr/X11R6/lib/X11/fs".
     See version 7.0.63.6 and bug #363378. Closes: #405567.
   * debian/copyright: Updated.
Files:
 6f85abf5847e3fc9c9baf87e85bdcf03 549 contrib/web optional flashplugin-nonfree_9.0.31.0.1ubuntu1.dsc
 d0d0130e4796ea9a8ff4e824b78b4756 19290 contrib/web optional flashplugin-nonfree_9.0.31.0.1ubuntu1.tar.gz

Changed in flashplugin-nonfree:
assignee: nobody → crimsun
importance: Undecided → Medium
status: Needs Info → Fix Committed

Daniel T Chen (crimsun) on 2007-01-26
Changed in flashplugin-nonfree:
status: Fix Committed → Fix Released