CERT-MU AD-2009-18
Multiple Vulnerabilities in Adobe Flash Media Server
Original issue date: 22 December, 2009
Overview
Multiple vulnerabilities have been reported in Adobe Flash Media Server (FMS), which could allow a remote attacker to cause denial of service conditions, execute arbitrary code or take complete control of an affected system.
Description
- Resource Exhaustion Remote Denial of Service Vulnerability
This vulnerability is caused by an unspecified error in Adobe Flash Media Server. A remote attacker could exploit this vulnerability by sending specially crafted data that consumes an excessive amount of CPU resources. Successful exploitation of this vulnerability could allow a remote attacker to cause Denial of Service (DoS) conditions.
- Adobe Flash Media Server Directory Traversal Vulnerability
This vulnerability is caused by improper sanitization of user-supplied input in Adobe Flash Media Server. A remote attacker could exploit this vulnerability via directory traversal attacks to load specially crafted DLLs onto an affected server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Software Affected
- Multiple implementations of SSL and TLS protocols
Impact
Severity Rating: High
Solution
Update to Adobe Flash Media Server (FMS) 3.5.3
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Vendor Information
Adobe http://www.adobe.com/support/security/bulletins/apsb09-18.html
CVE Name
CVE-2009-3791
CVE-2009-3792
References
Adobe
http://www.adobe.com/support/security/bulletins/apsb09-18.html
SecurityFocus
http://www.securityfocus.com/bid/37419
http://www.securityfocus.com/bid/37420
Secunia
http://secunia.com/advisories/37891/
SecurityTracker
http://securitytracker.com/alerts/2009/Dec/1023377.html