lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAAJh+d6p8oV8q1o6fP-tFyoMAcbG3j25fhkiM+oFQ0sRnnt=NA@mail.gmail.com>
Date: Wed, 12 Oct 2011 19:26:26 +0300
From: Henri Lindberg <henri+fulldisclosure@...nse.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: nSENSE-2011-003: Adobe Flash Media Server

      nSense Vulnerability Research Security Advisory NSENSE-2011-003
      ---------------------------------------------------------------

      Affected Vendor:    Adobe
      Affected Product:   Adobe Flash media server
      Platform:           Linux / Windows
      Impact:             Remote Denial of Service
      Vendor response:    Patch, APSB11-20
      CVE:                CVE-2011-2132
      Credit:             Knud / nSense

      Technical details
      ---------------------------------------------------------------
      It is possible to cause a Denial of Service in Adobes Flash
      Media Server (FMS) in versions <= 3.5.6 and <=4.0.2, caused
      by a null-pointer dereference. A brief crash analysis follows:
      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0xb5735b70 (LWP 6185)]
      0x08233636 in strlwr ()
      (gdb) x/i $pc
      0x8233636 <_Z6strlwrPc+22>:     movzx  eax,BYTE PTR [esi]
      (gdb) i r eax esi
      eax            0x84cc237        139248183
      esi            0x0      0

      The condition may be replicated using a web server by accessing
      the following URL: http://<target>:1111/?%


      Timeline:
      20110522     Contacted vendor
      20110523     Vendor acknowledges receipt of information
      20110523     Vendor creates ticket,# 984
      20110604     nSense requests preliminary timeline
      20110604     Vendor responds, issue reproduced & being fixed
      20110727     Vendor responds, CVE assigned, patch 20110809

      Solution
      Install the vendor supplied patch:
      http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

      Links:
      http://www.nsense.fi                       http://www.nsense.dk



      $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
      $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
      $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
      $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
      $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                     D r i v e n   b y   t h e   c h a l l e n g e _

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ