(Adobe Issues Fix for Adobe Connect Enterprise Server) Adobe Flash Media Server RTMP Memory Corruption Error Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019401
|
SecurityTracker URL: http://securitytracker.com/id/1019401
|
|
CVE Reference: CVE-2007-6148
|
Date: Feb 13 2008
|
Impact:
Execution of arbitrary code via network, Root access via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Enterprise Server 6
|
Description:
A vulnerability was reported in Adobe Flash Media Server. A remote user can execute arbitrary code on the target system. Adobe Connect Enterprise Server is affected.
A remote user can send a specially crafted sequence of Real Time Message Protocol (RTMP) messages to the Edge server on TCP port 1935 or 19350 to trigger a memory access error and execute arbitrary code on the target system. The code will run with the privileges of the target service (System privileges on Windows-based systems).
The vendor was notified on November 27, 2007.
Sean Larsson, VeriSign iDefense Labs, reported this vulnerability.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
Adobe has issued a fix for Adobe Connect Enterprise Server (Adobe Connect 6 Service Pack 3 Update), which is affected by this vulnerability.
The Adobe advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb08-04.html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb08-04.html
|
Cause:
Access control error
|
Underlying OS:
Windows (2000), Windows (2003)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 13 Feb 2008 00:21:24 -0500
Subject: Update available to address Adobe Connect Enterprise Server security issues
|
http://www.adobe.com/support/security/bulletins/apsb08-04.html
CVE-2007-6431, CVE-2007-6148, CVE-2007-6149
|
|