[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] nSENSE-2011-003: Adobe Flash Media Server

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] nSENSE-2011-003: Adobe Flash Media Server
From: Henri Lindberg <henri+fulldisclosure@xxxxxxxxx>
Date: Wed, 12 Oct 2011 19:26:26 +0300

      nSense Vulnerability Research Security Advisory NSENSE-2011-003
      ---------------------------------------------------------------

      Affected Vendor:    Adobe
      Affected Product:   Adobe Flash media server
      Platform:           Linux / Windows
      Impact:             Remote Denial of Service
      Vendor response:    Patch, APSB11-20
      CVE:                CVE-2011-2132
      Credit:             Knud / nSense

      Technical details
      ---------------------------------------------------------------
      It is possible to cause a Denial of Service in Adobes Flash
      Media Server (FMS) in versions <= 3.5.6 and <=4.0.2, caused
      by a null-pointer dereference. A brief crash analysis follows:
      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0xb5735b70 (LWP 6185)]
      0x08233636 in strlwr ()
      (gdb) x/i $pc
      0x8233636 <_Z6strlwrPc+22>:     movzx  eax,BYTE PTR [esi]
      (gdb) i r eax esi
      eax            0x84cc237        139248183
      esi            0x0      0

      The condition may be replicated using a web server by accessing
      the following URL: http://<target>:1111/?%


      Timeline:
      20110522     Contacted vendor
      20110523     Vendor acknowledges receipt of information
      20110523     Vendor creates ticket,# 984
      20110604     nSense requests preliminary timeline
      20110604     Vendor responds, issue reproduced & being fixed
      20110727     Vendor responds, CVE assigned, patch 20110809

      Solution
      Install the vendor supplied patch:
      http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

      Links:
      http://www.nsense.fi                       http://www.nsense.dk



      $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
      $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
      $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
      $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
      $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                     D r i v e n   b y   t h e   c h a l l e n g e _

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Supermicro IPMI documentation omission: presence of second admin account
Next by Date: [Full-disclosure] nSense-2011-004: Azeotech DAQFactory
Previous by thread: [Full-disclosure] Supermicro IPMI documentation omission: presence of second admin account
Next by thread: [Full-disclosure] nSense-2011-004: Azeotech DAQFactory
Index(es):
- Date
- Thread