CVE-2008-1654

Upstream information

CVE-2008-1654 at MITRE

Description

Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

SUSE Bugzilla entry: 376639 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2008:022, published Fri, 11 Apr 2008 10:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.1	`flash-player >= 9.0.124.0-0.2`
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`flash-player >= 9.0.124.0-0.1`	Builds YOU Patch Nr: 12136

CVE-2008-1654

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Solutions

Enterprise Linux

Informatique stratégique

Solutions cloud

Software-Defined Storage

Solutions SAP

Gestion des infrastructures informatiques

Produits

Rubriques populaires

Rubriques populaires

Rubriques populaires

Rubriques populaires

Rubriques populaires

Rubriques populaires

Offres de support

Ressources de support

Services

Partenaires