| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <C2AEB4A0-EF57-48E1-AB19-01CCC545A9BA@sektioneins.de> Date: Thu, 20 Dec 2007 23:53:01 +0100 From: fukami <fukami@...tioneins.de> To: bugtraq@...urityfocus.com Cc: webappsec@...ts.owasp.org, full-disclosure <full-disclosure@...ts.grok.org.uk>, websecurity@...appsec.org Subject: Re: Design flaw in AS3 socket handling allows port probing Adobe released an article at their knowledge base regarding this issue. # Socket connection timing can reveal information about network configuration http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402956 The fix is to disable socket functionality for Flash Players version >= 9.0.115 by configuration. Take care, fukami On 09.08.2007, at 20:21, fukami wrote: > Design flaw in AS3 socket handling allows port probing > > # Summary > Due to a design flaw in ActionScript 3 socket handling, compiled > Flash movies are able to scan for open TCP ports on any host > reachable from the host running the SWF, bypassing the Flash Player > Security Sandbox Model and without the need to rebind DNS. > [...] > # PoC > * http://scan.flashsec.org/ > [...] > # CVE > * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
Powered by blists - more mailing lists