ID: CVE-2007-6431 | Type: cve | Reporter: NVD | Modified: 2017-08-07T21:29:09
Description
Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149.
{"seebug": [{"lastseen": "2017-11-19T21:47:03", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 27762\r\nCVE(CAN) ID: CVE-2007-6149,CVE-2007-6148,CVE-2007-6431\r\n\r\nAdobe Flash Media Server\u662f\u57fa\u4e8eFlash\u5e94\u7528\u7a0b\u5e8f\u7684\u670d\u52a1\u5668\uff0c\u53ef\u63d0\u4f9b\u8fd0\u884c\u4ea4\u4e92\u5f0f\u5e94\u7528\u53ca\u97f3\u9891\u89c6\u9891\u6d41\u7684\u73af\u5883\u3002\r\n\r\nFlash Media Server\u5305\u542b\u6709\u540d\u4e3aEdge Server\u7684\u7ec4\u4ef6\uff0c\u8be5\u7ec4\u4ef6\u5728TCP 1935\u548c19350\u7aef\u53e3\u76d1\u542c\u5165\u7ad9\u8fde\u63a5\u3002Edge server\u7ec4\u4ef6\u8d1f\u8d23\u89e3\u6790RTMP\u6d88\u606f\u7684\u4ee3\u7801\u5b58\u5728\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u8fde\u63a5\u5230\u4e86\u6076\u610f\u670d\u52a1\u5668\u7684\u8bdd\uff0c\u8be5\u7ec4\u4ef6\u76f4\u63a5\u4ece\u62a5\u6587\u53d6\u5f97\u4e8632\u4f4d\u503c\u5e76\u5c06\u5176\u7528\u4e8e\u8ba1\u7b97\u6240\u8981\u5206\u914d\u52a8\u6001\u7f13\u51b2\u533a\u7684\u5b57\u8282\u6570\u3002\u8fd9\u4f1a\u89e6\u53d1\u6574\u6570\u6ea2\u51fa\uff0c\u4e4b\u540e\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n\u6b64\u5916Edge Server\u7ec4\u4ef6\u7ec4\u4ef6\u5728\u89e3\u6790RTMP\u6d88\u606f\u65f6\u7279\u5b9a\u7684\u8bf7\u6c42\u5e8f\u5217\u4f1a\u5bfc\u81f4\u4f7f\u7528\u5df2\u7ecf\u91ca\u653e\u7684\u5185\u5b58\u533a\u57df\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\n\nAdobe Flash Media Server <= 2.0.4\r\nAdobe Connect Enterprise Server <= 6 SP2\n Adobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://download.macromedia.com/pub/flashmediaserver/updates/2_0_5/win/flashmediaserver2.zip target=_blank>http://download.macromedia.com/pub/flashmediaserver/updates/2_0_5/win/flashmediaserver2.zip</a>", "modified": 
"2008-02-21T00:00:00", "published": "2008-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2914", "id": "SSV:2914", "title": "Adobe Flash Media Server\u591a\u4e2a\u8fdc\u7a0b\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2019-01-16T20:08:07", "bulletinFamily": "scanner", "description": "The remote host is running Adobe's Flash Media Server, an application\nserver for Flash-based applications. \n\nThe Edge server component included with the version of Flash Media\nServer installed on the remote host contains several integer overflow\nand memory corruption errors that can be triggered when parsing\nspecially crafted Real Time Message Protocol (RTMP) packets. An\nunauthenticated, remote attacker can leverage these issues to crash the\naffected service or execute arbitrary code with SYSTEM-level\nprivileges (under Windows), potentially resulting in a complete\ncompromise of the affected host.", "modified": "2018-11-15T00:00:00", "published": "2008-02-15T00:00:00", "id": "ADOBE_FMS_2_0_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31096", "title": "Adobe Flash Media Server < 2.0.5 Multiple Remote Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31096);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2007-6431\", \"CVE-2007-6148\", \"CVE-2007-6149\");\n script_bugtraq_id(27762);\n script_xref(name:\"Secunia\", value:\"28946\");\n\n script_name(english:\"Adobe Flash Media Server < 2.0.5 Multiple Remote Vulnerabilities\");\n script_summary(english:\"Grabs version from a Server response header\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Flash media server is affected by multiple 
vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Adobe's Flash Media Server, an application\nserver for Flash-based applications. \n\nThe Edge server component included with the version of Flash Media\nServer installed on the remote host contains several integer overflow\nand memory corruption errors that can be triggered when parsing\nspecially crafted Real Time Message Protocol (RTMP) packets. An\nunauthenticated, remote attacker can leverage these issues to crash the\naffected service or execute arbitrary code with SYSTEM-level\nprivileges (under Windows), potentially resulting in a complete\ncompromise of the affected host.\" );\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=662\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1769e068\" );\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=663\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401cb634\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2008/Feb/174\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2008/Feb/178\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb08-03.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Flash Media Server 2.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n 
script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/02/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_media_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_fms_detect.nasl\");\n script_require_ports(\"Services/rtmp\", 1935, 19350);\n script_require_keys(\"rtmp/adobe_fms\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_kb_item_or_exit(\"Services/rtmp\");\nversion = get_kb_item_or_exit(\"rtmp/\" + port + \"/adobe_fms/version\");\nsource = get_kb_item_or_exit(\"rtmp/\" + port + \"/adobe_fms/version_source\");\n\nif (ver_compare(ver:version, fix:\"2.0.5\") == -1)\n{\n if (report_verbosity)\n {\n report = \n '\\n' +\n 'Version source : ' + source +\n '\\n' +\n 'Installed version : ' + version +\n '\\n' +\n 'Fixed version : 2.0.5\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"The Adobe Flash Media Server version \"+version+\" on port \"+port+\" is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}