Adobe FMS 3.5.6 / 4.0.2 Denial Of Service

Adobe FMS 3.5.6 / 4.0.2 Denial Of Service: Posted Oct 13, 2011; Authored by Knud | Site nsense.fi; nSense Vulnerability Research Security Advisory - Adobe Flash Media Servers (FMS) versions 3.5.6 and below and 4.0.2 and below suffer from a denial of service vulnerability.; tags | advisory, denial of service; advisories | CVE-2011-2132; SHA-256 | 7e626c6eab58c87b89031859246abce098102e446fc040aa85a6e11b9a71fbc7; Download | Favorite | View

Adobe FMS 3.5.6 / 4.0.2 Denial Of Service

      nSense Vulnerability Research Security Advisory NSENSE-2011-003
      ---------------------------------------------------------------

      Affected Vendor:    Adobe
      Affected Product:   Adobe Flash media server
      Platform:           Linux / Windows
      Impact:             Remote Denial of Service
      Vendor response:    Patch, APSB11-20
      CVE:                CVE-2011-2132
      Credit:             Knud / nSense

      Technical details
      ---------------------------------------------------------------
      It is possible to cause a Denial of Service in Adobes Flash
      Media Server (FMS) in versions <= 3.5.6 and <=4.0.2, caused
      by a null-pointer dereference. A brief crash analysis follows:
      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0xb5735b70 (LWP 6185)]
      0x08233636 in strlwr ()
      (gdb) x/i $pc
      0x8233636 <_Z6strlwrPc+22>:     movzx  eax,BYTE PTR [esi]
      (gdb) i r eax esi
      eax            0x84cc237        139248183
      esi            0x0      0

      The condition may be replicated using a web server by accessing
      the following URL: http://<target>:1111/?%


      Timeline:
      20110522     Contacted vendor
      20110523     Vendor acknowledges receipt of information
      20110523     Vendor creates ticket,# 984
      20110604     nSense requests preliminary timeline
      20110604     Vendor responds, issue reproduced & being fixed
      20110727     Vendor responds, CVE assigned, patch 20110809

      Solution
      Install the vendor supplied patch:
      http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

      Links:
      http://www.nsense.fi                       http://www.nsense.dk



      $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
      $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
      $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
      $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
      $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                     D r i v e n   b y   t h e   c h a l l e n g e _

Top Authors In Last 30 Days

Red Hat 307 files
indoushka 123 files
Ubuntu 92 files
Gentoo 32 files
Debian 21 files
LiquidWorm 19 files
Google Security Research 8 files
malvuln 5 files
verylazytech 3 files
Seth Jenkins 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,634)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,102)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,937)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

Adobe FMS 3.5.6 / 4.0.2 Denial Of Service

Adobe FMS 3.5.6 / 4.0.2 Denial Of Service

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Adobe FMS 3.5.6 / 4.0.2 Denial Of Service

Share This

Adobe FMS 3.5.6 / 4.0.2 Denial Of Service

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems