Message-ID: <CAAJh+d6p8oV8q1o6fP-tFyoMAcbG3j25fhkiM+oFQ0sRnnt=NA@mail.gmail.com>
Date: Wed, 12 Oct 2011 19:26:26 +0300
From: Henri Lindberg <henri+fulldisclosure@...nse.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: nSENSE-2011-003: Adobe Flash Media Server
nSense Vulnerability Research Security Advisory NSENSE-2011-003
---------------------------------------------------------------
Affected Vendor: Adobe
Affected Product: Adobe Flash Media Server
Platform: Linux / Windows
Impact: Remote Denial of Service
Vendor response: Patch, APSB11-20
CVE: CVE-2011-2132
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
It is possible to cause a Denial of Service in Adobe's Flash
Media Server (FMS) in versions <= 3.5.6 and <= 4.0.2, caused
by a null-pointer dereference. A brief crash analysis follows:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5735b70 (LWP 6185)]
0x08233636 in strlwr ()
(gdb) x/i $pc
0x8233636 <_Z6strlwrPc+22>: movzx eax,BYTE PTR [esi]
(gdb) i r eax esi
eax 0x84cc237 139248183
esi 0x0 0

The condition may be replicated using a web server by accessing
the following URL: http://<target>:1111/?%
Timeline:
20110522 Contacted vendor
20110523 Vendor acknowledges receipt of information
20110523 Vendor creates ticket #984
20110604 nSense requests preliminary timeline
20110604 Vendor responds, issue reproduced & being fixed
20110727 Vendor responds, CVE assigned, patch 20110809
Solution
Install the vendor supplied patch:
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Links:
http://www.nsense.fi http://www.nsense.dk
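
The crash analysis above shows strlwr reading a byte through a NULL pointer (esi = 0) while the server handles a request whose query string is a lone "%". The following C sketch is an added example, not nSense's or Adobe's code: it shows a strict percent-decoder, a null-safe lowercase helper, and a caller that rejects the request instead of passing a failed decode onward. The advisory does not state why the pointer was NULL; a decode failure on the malformed escape is an assumption, and all function names are hypothetical.

```c
/* Added illustration: names are hypothetical and the root cause is assumed. */
#include <ctype.h>
#include <string.h>

static int hexval(unsigned char c)   /* hex digit value, or -1 (incl. NUL) */
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Strict percent-decoder. Returns the decoded length, or -1 on NULL input,
 * a malformed escape ("%", "%4", "%zz"), "%00", or a too-small buffer. */
int pct_decode(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    if (src == NULL || dst == NULL || dstlen == 0) return -1;
    while (*src != '\0') {
        int c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0 || hi * 16 + lo == 0) return -1;  /* stops at NUL */
            c = hi * 16 + lo;
            src += 2;
        }
        if (n + 1 >= dstlen) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Lowercase in place. A NULL argument is returned as-is and never read. */
char *lower_inplace(char *s)
{
    for (char *p = s; p != NULL && *p != '\0'; p++)
        *p = (char)tolower((unsigned char)*p);
    return s;
}

/* Decode + lowercase the query of a request target; -1 means reject. */
int normalize_query(const char *target, char *out, size_t outlen)
{
    const char *q = target ? strchr(target, '?') : NULL;
    if (!target || pct_decode(q ? q + 1 : "", out, outlen) < 0) return -1;
    lower_inplace(out);
    return 0;
}
```

A caller would answer a -1 from normalize_query with an HTTP 400 rather than continuing to process the request.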