Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
Vulnerable Systems:
* Flash Media Server 2 version 2.0.4
Immune Systems:
* Flash Media Server 2 version 2.0.5
The Flash Media Server contains a component called the Edge server, which listens on TCP ports 1935 and 19350 for incoming connections. This port is the primary port used for client/server communication. The Edge server speaks the Real Time Message Protocol, or RTMP, a proprietary binary protocol developed by Adobe.
This vulnerability exists within the code responsible for parsing RTMP messages. A certain sequence of requests can lead to an area of memory being used after it has been released. This leads to the execution of arbitrary code.
Analysis:
Exploitation of this vulnerability results in the execution of arbitrary code with SYSTEM level privileges. In order to exploit this vulnerability, an attacker only needs the ability to connect to the target server on TCP port 1935 or 19350.
Unsuccessful attempts at exploitation will likely result in the Edge server crashing. After crashing, the Edge server will be restarted automatically. This gives an attacker an unlimited number of attempts at exploitation.
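Because a failed attempt crashes the Edge server and it restarts automatically, a burst of restarts shortly after connections to TCP 1935 or 19350 is a useful signal on an unpatched host. The following is an added example, not part of the iDefense advisory or any Adobe tooling: the event format, field names, thresholds and sample lines are constructed assumptions, and events are assumed to be in time order.

```python
from collections import deque
from datetime import datetime, timedelta

RTMP_PORTS = {"1935", "19350"}  # Edge server ports named in the advisory

# Constructed sample events in a hypothetical "<timestamp> <kind> <fields>" format.
SAMPLE_EVENTS = """\
2008-02-12T10:00:01 CONNECT src=203.0.113.7 dport=1935
2008-02-12T10:00:02 EDGE_START pid=2101
2008-02-12T10:00:20 CONNECT src=198.51.100.20 dport=1935
2008-02-12T10:00:40 CONNECT src=203.0.113.7 dport=19350
2008-02-12T10:00:41 EDGE_START pid=2144
2008-02-12T10:01:15 CONNECT src=203.0.113.7 dport=1935
2008-02-12T10:01:16 EDGE_START pid=2180
2008-02-12T14:30:00 EDGE_START pid=2390
"""

def parse_events(text):
    """Yield (timestamp, kind, fields) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, kind, rest = line.split(maxsplit=2)
            yield datetime.fromisoformat(ts), kind, dict(f.split("=", 1) for f in rest.split())

def find_restart_bursts(text, threshold=3, window=timedelta(minutes=5),
                        lookback=timedelta(seconds=10)):
    """Alert when `threshold` or more Edge restarts fall inside `window`.
    Each alert lists RTMP clients that connected within `lookback` before a restart."""
    restarts = deque()   # (restart time, clients seen just before it)
    connects = deque()   # (connect time, source) for RTMP ports only
    alerts = []
    for ts, kind, fields in parse_events(text):
        if kind == "CONNECT" and fields.get("dport") in RTMP_PORTS:
            connects.append((ts, fields["src"]))
        elif kind == "EDGE_START":
            while connects and ts - connects[0][0] > lookback:
                connects.popleft()          # too old to be tied to this restart
            restarts.append((ts, {src for _, src in connects}))
            while ts - restarts[0][0] > window:
                restarts.popleft()          # slide the burst window forward
            if len(restarts) >= threshold:
                suspects = set().union(*(c for _, c in restarts))
                alerts.append((ts, len(restarts), sorted(suspects)))
    return alerts

if __name__ == "__main__":
    for when, count, sources in find_restart_bursts(SAMPLE_EVENTS):
        print(when.isoformat(), f"{count} Edge restarts in window; sources: {sources}")
```

The isolated restart at 14:30 does not alert, and the client that connected 21 seconds before a restart falls outside the lookback and is not listed.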
Workaround:
iDefense is currently unaware of any workarounds for this issue.
Vendor response:
Adobe has addressed this vulnerability by releasing version 2.0.5 of Flash Media Server. For more information, consult their bulletin at the following URL: http://www.adobe.com/support/security/bulletins/apsb08-03.html
CVE Information:
CVE-2007-6148
Disclosure Timeline:
11/27/2007 - Initial vendor notification
11/27/2007 - Initial vendor response
02/12/2008 - Coordinated public disclosure