| Title | Published | Views | Reporter |
|---|---|---|---|
| Adobe Flash Media server < 3.5.7 / 4.0.3 Multiple Vulnerabilities (APSB11-20) | 10 Aug 2011 00:00 | – | nessus |
| Adobe Flash Media Server < 3.5.7 / 4.0.3 Denial of Service (APSB11-20) | 10 Aug 2011 00:00 | – | nessus |
| CVE-2011-2132 | 9 Aug 2011 00:00 | – | circl |
| CVE-2011-2132 | 11 Aug 2011 22:00 | – | cve |
| CVE-2011-2132 | 11 Aug 2011 22:00 | – | cvelist |
| EUVD-2011-2124 | 7 Oct 2025 00:30 | – | euvd |
| KLA10031 Critical vulnerabilities in Adobe Flash Media Server | 9 Aug 2011 00:00 | – | kaspersky |
| CVE-2011-2132 | 11 Aug 2011 22:55 | – | nvd |
| Adobe Flash Media Server Remote Denial of Service Vulnerability (Aug 2011) | 18 Aug 2011 00:00 | – | openvas |
| Memory corruption | 11 Aug 2011 22:55 | – | prion |
nSense Vulnerability Research Security Advisory NSENSE-2011-003
---------------------------------------------------------------
Affected Vendor: Adobe
Affected Product: Adobe Flash Media Server
Platform: Linux / Windows
Impact: Remote Denial of Service
Vendor response: Patch, APSB11-20
CVE: CVE-2011-2132
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
A null-pointer dereference in Adobe's Flash Media Server (FMS),
versions <= 3.5.6 and <= 4.0.2, makes it possible to cause a
Denial of Service. A brief crash analysis follows:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5735b70 (LWP 6185)]
0x08233636 in strlwr ()
(gdb) x/i $pc
0x8233636 <_Z6strlwrPc+22>: movzx eax,BYTE PTR [esi]
(gdb) i r eax esi
eax 0x84cc237 139248183
esi 0x0 0
The condition may be replicated using a web server by accessing
the following URL: http://<target>:1111/?%
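The crash above is a read through a NULL argument inside strlwr(). The following C sketch is an added example, not Adobe's code and not part of the advisory: it shows a NULL-tolerant lowercase routine and a caller that rejects a malformed percent-escape instead of passing a failed result on. The advisory does not say how the null pointer reaches strlwr(); the decoder url_decode() and the handler handle_query() are hypothetical names assumed for illustration.

```c
#include <ctype.h>
#include <string.h>

/* Lowercase in place like strlwr(), but tolerate a NULL argument. */
char *safe_strlwr(char *s)
{
    if (s == NULL)
        return NULL;              /* an unchecked version reads *s here */
    for (char *p = s; *p != '\0'; p++)
        *p = (char)tolower((unsigned char)*p);
    return s;
}

static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical decoder (assumption): percent-decodes src into dst.
 * Returns dst, or NULL on a truncated or invalid escape, %00, or overflow. */
char *url_decode(const char *src, char *dst, size_t dst_len)
{
    size_t o = 0;
    if (src == NULL || dst == NULL || dst_len == 0)
        return NULL;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            /* only look at the second digit if the first one was valid */
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[i + 2]);
            if (lo < 0 || (hi == 0 && lo == 0))
                return NULL;
            c = hi * 16 + lo;
            i += 2;
        }
        if (o + 1 >= dst_len)     /* keep room for the terminator */
            return NULL;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return dst;
}

/* Hypothetical handler (assumption): HTTP status for a raw query string. */
int handle_query(const char *raw, char *out, size_t out_len)
{
    if (url_decode(raw, out, out_len) == NULL)
        return 400;               /* reject; never hand NULL to strlwr */
    safe_strlwr(out);
    return 200;
}
```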
Timeline:
20110522 Contacted vendor
20110523 Vendor acknowledges receipt of information
20110523 Vendor creates ticket, #984
20110604 nSense requests preliminary timeline
20110604 Vendor responds, issue reproduced & being fixed
20110727 Vendor responds, CVE assigned, patch 20110809
Solution
Install the vendor supplied patch:
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Links:
http://www.nsense.fi http://www.nsense.dk