Updated rtmpdump packages fix security vulnerabilities

The rtmpdump package has been updated to the latest upstream code as of January 1, 2016, fixing several security issues...

RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0067 RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability January 7, 2016 CVE Number CVE-2015-8271 Description The vulnerability occurs within the AMF3CDAddProp function within amf.c. If an attacker sets up a malicious RTMP Media serve...

RTMPDump rtmpsrv PlayPath Null Pointer Dereference

Talos Vulnerability Report TALOS-2016-0068 RTMPDump rtmpsrv PlayPath Null Pointer Dereference January 7, 2016 CVE Number CVE-2015-8272 Description A vulnerability exists in rtmpsrv in which an attacker can entice a user to utilize rtmpsrv to save an RTMP media stream that is missing a playpath...

RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0066 RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability January 7, 2016 CVE Number CVE-2015-8270 Description The vulnerability occurs within the AMF3ReadString function within amf.c. If an attacker sets up a malicious RTMP Media server that...

rtmpdump: multiple issues

Several issues have been found in the part of rtmpdump handling RTMP streams by LMX of Qihoo 360 Codesafe Team. These issues include memory leak, integer overflow, type confusion when dealing with AMF strings and objects, and several other parsing issues...

WowzaMediaServer SecureToken bypass (and worse)

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the properties...