nSense Vulnerability Research Security Advisory NSENSE-2011-003 --------------------------------------------------------------- Affected Vendor: Adobe Affected Product: Adobe Flash media server Platform: Linux / Windows Impact: Remote Denial of Service Vendor response: Patch, APSB11-20 CVE: CVE-2011-2132 Credit: Knud / nSense Technical details --------------------------------------------------------------- It is possible to cause a Denial of Service in Adobes Flash Media Server (FMS) in versions <= 3.5.6 and <=4.0.2, caused by a null-pointer dereference. A brief crash analysis follows: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5735b70 (LWP 6185)] 0x08233636 in strlwr () (gdb) x/i $pc 0x8233636 <_Z6strlwrPc+22>: movzx eax,BYTE PTR [esi] (gdb) i r eax esi eax 0x84cc237 139248183 esi 0x0 0 The condition may be replicated using a web server by accessing the following URL: http://:1111/?% Timeline: 20110522 Contacted vendor 20110523 Vendor acknowledges receipt of information 20110523 Vendor creates ticket,# 984 20110604 nSense requests preliminary timeline 20110604 Vendor responds, issue reproduced & being fixed 20110727 Vendor responds, CVE assigned, patch 20110809 Solution Install the vendor supplied patch: http://www.adobe.com/support/flashmediaserver/downloads_updaters.html Links: http://www.nsense.fi http://www.nsense.dk $$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s. $$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$ $$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$ $$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P D r i v e n b y t h e c h a l l e n g e _