Open Source and information security mailing list archives
Message-ID: <DD867751442E42BC9001D50B6DAC4222@W340>
Date: Wed, 13 Jul 2016 00:54:46 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: fulldisclosure@...lists.org
Subject: [FD] [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers

Hi @ll,

the executable installers of Flash Player released 2016-06-15 fixed
CVE-2016-1014 in the second attempt, but another vulnerability remained:
they create(d) and use(d) UNSAFE temporary subdirectories into which they
copy/ied themselves and extract(ed) a file "fpb.tmp" which they load(ed)
and execute(d) later with elevated privileges.

An unprivileged user can/could overwrite both files between creation and
execution and gain elevation of privilege.

See <https://cwe.mitre.org/data/definitions/379.html> for this type of
well-known and well-documented vulnerability!

stay tuned
Stefan Kanthak

Timeline:
~~~~~~~~~

2016-03-12    initial report sent to Adobe PSIRT

2016-03-13    Adobe PSIRT acknowledges vulnerability and assigns PSIRT-4904

2016-04-06    Adobe PSIRT informs about CVE assigned and upcoming fix
              scheduled for release later that week

2016-04-17    notification sent to Adobe PSIRT: fix is incomplete,
              vulnerability persists

2016-04-17    Adobe PSIRT acknowledges receipt of second report

2016-04-17    Adobe PSIRT acknowledges vulnerability ... again

2016-06-17    Adobe released fixed Flash Player (un)installers,
              report for CVE-2016-1014 published

2016-06-17    new report sent to Adobe PSIRT: unsafe TEMP directory allows
              escalation of privilege

2016-06-17    Adobe PSIRT acknowledges receipt

2016-06-17    Adobe PSIRT acknowledges vulnerability and assigns PSIRT-5480

2016-07-10    Adobe PSIRT informs about CVE assigned and upcoming fix
              scheduled for release later this week

2016-07-12    Adobe released fixed Flash Player (un)installers,
              report for CVE-2016-4247 published

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
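
The root cause reported above is a staging directory that an unprivileged user can write to while an elevated process loads files from it (CWE-379). The PowerShell function below is an added example, not code from the advisory or from Adobe: it reports the owner and the allow ACEs of a directory that give write-type access to anyone outside a trusted set. The function name, the trusted-SID list, the rights mask and the use of the per-user TEMP directory are assumptions of this example.

```powershell
# Added example, not from the advisory. Lists the owner and DACL entries that let
# a principal outside the trusted set plant or replace files in a directory.
function Get-UnsafeWriteAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Path)

    # Principals expected to hold write access where elevated code is staged (assumption).
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Rights that allow creating, replacing or deleting content or rewriting the DACL,
    # plus the raw GENERIC_WRITE / GENERIC_ALL bits that inherit-only ACEs may carry.
    $named = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask  = [int][System.Security.AccessControl.FileSystemRights]$named -bor 0x40000000 -bor 0x10000000

    $acl   = Get-Acl -LiteralPath $Path
    $sid   = [System.Security.Principal.SecurityIdentifier]
    $owner = $acl.GetOwner($sid).Value
    if ($trusted -notcontains $owner) {
        # The owner can always rewrite the DACL, whatever the ACEs say.
        [pscustomobject]@{ Path = $Path; Sid = $owner
                           Finding = 'Owner'; Rights = 'WRITE_DAC (implicit)' }
    }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sid)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -ne 0) {
            [pscustomobject]@{ Path = $Path; Sid = $rule.IdentityReference.Value
                               Finding = 'Allow ACE'; Rights = $rule.FileSystemRights }
        }
    }
}

# Usage: audit the per-user TEMP directory and its immediate subdirectories.
# The directory choice is an assumption; the advisory does not name the path.
Get-UnsafeWriteAce -Path $env:TEMP
Get-ChildItem -LiteralPath $env:TEMP -Directory |
    ForEach-Object { Get-UnsafeWriteAce -Path $_.FullName }
```

Any row returned for a directory that an elevated installer stages files in means a non-administrative principal can modify those files before they are executed.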