Code injection vulnerability in Adobe's Flash Media Server
Adobe's Flash Media Server contains a number of critical vulnerabilities that attackers could exploit to inject and execute malicious code remotely. The vendor has released version 2.0.5 for downloading in order to remedy the vulnerabilities.
Security service provider iDefense has discovered two vulnerabilities on the server that by default listens for connections on TCP ports 1935 and 19350. The Edge Server component, which uses Adobe's proprietary Real Time Message Protocol (RTMP), is the faulty component. In the handling of RTMP packets, the server's routines accept passed values without inspection, a behaviour that reult in an integer overflow. This can cause the server to allocate a buffer that is too small for copy operations, possibly permitting the execution of injected code. In addition, a certain sequence of RTMP requests can cause the software to attempt to use memory that has already been allocated. This can also result in the execution of arbitrary code.
iDefense says that both vulnerabilities allow attackers to execute malicious code with SYSTEM
rights. Adobe recommends that administrators of Flash Media Servers install the updates as soon as possible. Restricting network port access to trusted computers may also be a good idea.
See also:
- Update available to address Flash Media Server security issues, Adobe security advisory
- Download version 2.0.5 of Adobe Flash Media Server for Linux and Windows
- Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities, iDefense security advisory
- Adobe Flash Media Server 2 Memory Corruption Vulnerability, iDefense security advisory
(mba)