CERT-MU Vulnerability Note VN-2010-18
Adobe Flash Media Server Code Execution and DoS Vulnerabilities
Original Issue Date: August 18, 2010
Severity Rating: High
Systems Affected
- Flash Media Server 3.5.3 and earlier versions
- Flash Media Server 3.0.5 and earlier versions
Overview
Multiple vulnerabilities have been reported in Adobe Flash Media Server, which could allow remote attackers to cause a denial of service or to compromise a system running a vulnerable version of the software.
Description
The Remote Code Execution Vulnerability (CVE-2010-2217) is caused by an unspecified error related to a JS method, which could allow attackers to execute arbitrary code.
The Remote Denial of Service Vulnerability (CVE-2010-2218) is caused by an unspecified error related to a JS method, which could allow attackers to cause a denial of service condition.
The Remote Denial of Service Vulnerability (CVE-2010-2219) is caused by an unspecified memory exhaustion error, which could allow attackers to cause a denial of service condition.
The Remote Denial of Service Vulnerability (CVE-2010-2220) is caused by an unspecified input validation error, which could allow attackers to cause a denial of service condition.
Solution
Install updates as suggested in APSB10-19.
Upgrade to Adobe Flash Media Server version 3.5.4 or 3.0.6:
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Vendor Information
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb10-19.html
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
References
Adobe
http://www.adobe.com/support/security/bulletins/apsb10-19.html
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Security Tracker
http://securitytracker.com/alerts/2010/Aug/1024315.html
VUPEN
http://www.vupen.com/english/advisories/2010/2066
SecurityFocus
http://www.securityfocus.com/bid/42352
http://www.securityfocus.com/bid/42354
http://www.securityfocus.com/bid/42356
http://www.securityfocus.com/bid/42357
CVE Name
CVE-2010-2217
CVE-2010-2218
CVE-2010-2219
CVE-2010-2220
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.