|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12759] Flash Messaging Server Denial of Service Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Oct 08 2004 - 04:05:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Flash Messaging Server Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA12759
VERIFY ADVISORY:
http://secunia.com/advisories/12759/
CRITICAL:
Less critical
IMPACT:
Security Bypass, DoS
WHERE:
From local network
SOFTWARE:
Flash Messaging 5.x
http://secunia.com/product/4017/
DESCRIPTION:
Luigi Auriemma has reported a vulnerability in Flash Messaging
server, which can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is caused due to an input validation error in the
handling of wide chars (16-bit). This can be exploited to cause a
vulnerable server to crash by sending some specially crafted wide
characters from the client.
It has also been reported that a client can avoid being kicked by
e.g. ignoring the shutdown command.
The vulnerability has been reported in version 5.2.0g (rev 1.1.2).
Other versions may also be affected.
SOLUTION:
Restrict access to the Flash Messaging server.
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/flashmsg-adv.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]