Adobe Flash Media Server < 2.0.5 Multiple Remote Vulnerabilities

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote Flash media server is affected by multiple vulnerabilities.

Description :

The remote host is running Adobe's Flash Media Server, an application
server for Flash-based applications.

The Edge server component included with the version of Flash Media
Server installed on the remote host contains several integer overflow
and memory corruption errors that can be triggered when parsing
specially crafted Real Time Message Protocol (RTMP) packets. An
unauthenticated, remote attacker can leverage these issues to crash the
affected service or execute arbitrary code with SYSTEM-level
privileges (under Windows), potentially resulting in a complete
compromise of the affected host.

See also :

http://www.nessus.org/u?1769e068
http://www.nessus.org/u?401cb634
http://archives.neohapsis.com/archives/bugtraq/2008-02/0180.html
http://archives.neohapsis.com/archives/bugtraq/2008-02/0184.html
http://www.adobe.com/support/security/bulletins/apsb08-03.html

Solution :

Upgrade to Flash Media Server 2.0.5 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 31096 (adobe_fms_2_0_5.nasl)

Bugtraq ID: 27762

CVE ID: CVE-2007-6431, CVE-2007-6148, CVE-2007-6149