Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
Vulnerable Systems:
* Flash Media Server 2 version 2.0.4
Immune Systems:
* Flash Media Server 2 version 2.0.5
The Flash Media Server contains a component called the Edge server, which listens on TCP ports 1935 and 19350 for incoming connections. This port is the primary port used for client/server communication. The Edge server speaks the Real Time Message Protocol, or RTMP, a proprietary binary protocol developed by Adobe.
These vulnerabilities exist within the code responsible for parsing RTMP messages. In each case, a 32-bit value taken directly from the packet is used in an arithmetic operation to calculate the number of bytes to allocate for a dynamic buffer. This operation can overflow, which later leads to a heap overflow.
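The size-calculation flaw described above, next to a bounds-checked form, as an added example that is not taken from the iDefense advisory or from Adobe's code. The length-prefixed message layout, HDR_LEN, MAX_MSG_LEN and all function names are assumptions made for illustration and do not reproduce the RTMP format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     16u      /* hypothetical bookkeeping header kept before the body */
#define MAX_MSG_LEN 65536u   /* hypothetical upper bound on one message body */

/* Big-endian 32-bit length field as it arrives on the wire. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed pattern: 32-bit arithmetic on an untrusted length wraps modulo 2^32,
 * so the allocation can be far smaller than the length used for the copy. */
uint32_t alloc_size_unchecked(uint32_t wire_len) {
    return wire_len + HDR_LEN;
}

/* Hardened: bound the length by a protocol limit and by the bytes actually
 * received before doing any arithmetic. Returns 0 on success, -1 on reject. */
int alloc_size_checked(uint32_t wire_len, size_t avail, size_t *out) {
    if (wire_len > MAX_MSG_LEN || wire_len > avail) return -1;
    *out = (size_t)wire_len + HDR_LEN;   /* cannot wrap after the bound check */
    return 0;
}

/* Parse [4-byte length][body]; returns a heap copy of the body placed after
 * a zeroed header, or NULL if the packet is rejected. Caller frees. */
uint8_t *parse_message(const uint8_t *pkt, size_t pkt_len, size_t *out_size) {
    size_t need;
    if (pkt_len < 4) return NULL;
    uint32_t wire_len = read_be32(pkt);
    if (alloc_size_checked(wire_len, pkt_len - 4, &need) != 0) return NULL;
    uint8_t *buf = calloc(1, need);
    if (buf == NULL) return NULL;
    memcpy(buf + HDR_LEN, pkt + 4, wire_len);
    *out_size = need;
    return buf;
}

int main(void) {
    const uint8_t bad[] = { 0xFF, 0xFF, 0xFF, 0xF8, 'A', 'B', 'C', 'D' };  /* constructed */
    size_t n = 0;
    printf("unchecked size for 0xFFFFFFF8: %u\n", (unsigned)alloc_size_unchecked(0xFFFFFFF8u));
    printf("checked parser accepts it: %s\n", parse_message(bad, sizeof bad, &n) ? "yes" : "no");
    return 0;
}
```

The unchecked calculation turns a declared length of 0xFFFFFFF8 into an 8-byte allocation request, which is the mismatch that precedes the heap overflow; the checked parser rejects the same packet before allocating.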
Analysis:
Exploitation of these vulnerabilities results in the execution of arbitrary code with SYSTEM level privileges. In order to exploit these vulnerabilities, an attacker only needs the ability to connect to the target server on TCP port 1935 or 19350.
Unsuccessful attempts at exploitation will likely result in the Edge server crashing. After crashing, the Edge server will be restarted automatically. This gives an attacker an unlimited number of attempts at exploitation.
Vendor response:
Adobe has addressed these vulnerabilities by releasing version 2.0.5 of Flash Media Server. For more information, consult their bulletin at the following URL: http://www.adobe.com/support/security/bulletins/apsb08-03.html
CVE Information:
CVE-2007-6149
Disclosure Timeline:
11/27/2007 - Initial vendor notification
11/27/2007 - Initial vendor response
02/12/2008 - Coordinated public disclosure