CVE-2007-6149 - Numeric Errors vulnerability in Adobe Connect Enterprise Server and Flash Media Server 2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gain a shell remotely |
NASL id | ADOBE_FMS_2_0_5.NASL |
description | The remote host is running Adobe |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 31096 |
published | 2008-02-15 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/31096 |
title | Adobe Flash Media Server < 2.0.5 Multiple Remote Vulnerabilities |
Seebug
bulletinFamily | exploit |
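description | BUGTRAQ ID: 27762 CVE(CAN) ID: CVE-2007-6149, CVE-2007-6148, CVE-2007-6431. Adobe Flash Media Server is a server for Flash-based applications that provides an environment for running interactive applications and audio/video streaming. Flash Media Server includes a component named Edge Server, which listens for inbound connections on TCP ports 1935 and 19350. The code in the Edge Server component that parses RTMP messages contains multiple integer overflow vulnerabilities. If a user is tricked into connecting to a malicious server, the component takes a 32-bit value directly from the packet and uses it to calculate the number of bytes to allocate for a dynamic buffer. This triggers an integer overflow, which then leads to a heap overflow. In addition, when the Edge Server component parses RTMP messages, a specific sequence of requests can cause use of a memory region that has already been freed, which may lead to arbitrary code execution. Adobe Flash Media Server <= 2.0.4; Adobe Connect Enterprise Server <= 6 SP2. Adobe: The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: http://download.macromedia.com/pub/flashmediaserver/updates/2_0_5/win/flashmediaserver2.zip |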
id | SSV:2914 |
last seen | 2017-11-19 |
modified | 2008-02-21 |
published | 2008-02-21 |
reporter | Root |
title | Adobe Flash Media Server Multiple Remote Overflow Vulnerabilities |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
- http://secunia.com/advisories/28946
- http://secunia.com/advisories/28947
- http://www.adobe.com/support/security/bulletins/apsb08-03.html
- http://www.adobe.com/support/security/bulletins/apsb08-04.html
- http://www.securityfocus.com/bid/27762
- http://www.securitytracker.com/id?1019399
- http://www.vupen.com/english/advisories/2008/0538/references
- http://www.vupen.com/english/advisories/2008/0539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40471