CRLF injection vulnerability in Adobe Flash Player plugin

Bug #68429 reported by Kees Cook
Affects: flashplugin-nonfree (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Daniel T Chen

Bug Description

Versions 7.0.63 and earlier are known to be vulnerable. Additionally, it seems likely, based on time frame, that this vulnerability isn't fixed in Adobe's current 7.0.68 release either.

CVE References

Kees Cook (kees) wrote :

I can confirm that 7.0.68 is vulnerable.

Bart Martens (bartm) wrote :

CVE 2006-5330 mentions that 7.0.63 and earlier are known to be vulnerable. I don't find any official statement that 7.0.68 would have this vulnerability. Has anyone more info?

Changed in flashplugin-nonfree:
status: Unconfirmed → Needs Info
Kees Cook (kees) wrote :

I used a proof-of-concept SWF to verify that the CRLF injection vulnerability still exists in 7.0.68. There's no statement about it because they appear to only be fixing the "latest" release, which is the 9.x series. :(

Changed in flashplugin-nonfree:
status: Needs Info → Unconfirmed
Bart Martens (bartm) wrote :

Kees, where's that "proof-of-concept SWF" so that anyone can verify that 7.0.68 would have this vulnerability?

Changed in flashplugin-nonfree:
status: Unconfirmed → Needs Info
Kees Cook (kees) wrote :

Unfortunately, the PoC isn't public. I will try to get another that is.

Martin Pitt (pitti)
Changed in flashplugin-nonfree:
assignee: nobody → keescook
Kees Cook (kees)
Changed in flashplugin-nonfree:
assignee: keescook → nobody
Timo Aaltonen (tjaalton) wrote :

9.0.x is now in dapper/edgy-backports.

Daniel T Chen (crimsun) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 20 Jan 2007 21:22:16 +0000
Source: flashplugin-nonfree
Binary: flashplugin-nonfree
Architecture: source
Version: 9.0.31.0.1ubuntu1
Distribution: feisty
Urgency: low
Maintainer: Bart Martens <email address hidden>
Changed-By: Daniel T Chen <email address hidden>
Description:
 flashplugin-nonfree - Adobe Flash Player plugin installer
Closes: 405326 405567 405933 407243
Changes:
 flashplugin-nonfree (9.0.31.0.1ubuntu1) feisty; urgency=low
 .
   * Merge from Debian unstable, remaining changes:
     - debian/{config,dirs,links,postinst}:
       + Don't use /usr/lib/flashplugin-nonfree* (use
         /var/cache/flashplugin-nonfree* instead)
         (Closes Ubuntu: #80545),
     - debian/control: Don't Recommend xfs (Suggest it instead),
     - debian/prerm:
       + Also remove /var/cache/flashplugin-nonfree* ,
       + Migrate old initscript clobbering from postinst to here.
   * Rebase packaging on 9.0.31.0.1 and readd Ubuntu delta.
   * Closes Ubuntu: #68429, #73295 in a previous Debian upload.
 .
 flashplugin-nonfree (9.0.31.0.1) unstable; urgency=low
 .
   * debian/config, debian/links, debian/postinst, debian/prerm: New plugin
     release 9,0,31,0. Closes: #407243.
   * debian/control: Updated "Depends:" with "ldd libflashplayer.so".
   * debian/po/lt.po: Replaced. Closes: #405326. Thanks to Gintautas
     Miliauskas <email address hidden>.
   * debian/control: Suggests konqueror-nsplugins. Closes: #405933.
   * debian/links: Removed symbolic link "/etc/X11/fs /usr/X11R6/lib/X11/fs".
     See version 7.0.63.6 and bug #363378. Closes: #405567.
   * debian/copyright: Updated.
Files:
 6f85abf5847e3fc9c9baf87e85bdcf03 549 contrib/web optional flashplugin-nonfree_9.0.31.0.1ubuntu1.dsc
 d0d0130e4796ea9a8ff4e824b78b4756 19290 contrib/web optional flashplugin-nonfree_9.0.31.0.1ubuntu1.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFuAkqe9GwFciKvaMRAjEdAJ9iPAhyVwOuK6Czm6g5/ljCJ7TR6gCePOfy
iK4Yd6m446LVfzygEwXRcmw=
=0wp/
-----END PGP SIGNATURE-----

Changed in flashplugin-nonfree:
assignee: nobody → crimsun
importance: Undecided → Medium
status: Needs Info → Fix Committed
Daniel T Chen (crimsun)
Changed in flashplugin-nonfree:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.