Update Protection against Adobe Flash Media Server Resource Exhaustion Denial of Service Vulnerability (APSB09-18)
| Check Point Reference: | CPAI-2009-255 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adobe Security Bulletin - APSB09-18 | |
| Industry Reference(s): | CVE-2009-3791 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 Windows Server 2003 SP2 Windows Server 2003 for x64-based Systems SP2 Windows Server 2003 with SP2 (Itanium) Windows Server 2008 for x64-based Systems | ||
| Vulnerability Description A resource exhaustion vulnerability has been discovered in Adobe Flash Media Server (FMS). Flash Media Server (FMS) is an application server for Flash-based applications. Successful exploitation of this issue will create a denial of service condition, causing the application to become non-responsive. |
||
|
Update/Patch Available Apply patches: Adobe Security Bulletin - APSB09-18 |
|
|
Vulnerability Details The vulnerability is due to resource exhaustion in the Adobe Flash Media Server. A remote attacker may exploit this issue by sending a specially crafted RTMP packet to the vulnerable server. Successful exploitation will create a denial of service condition, causing the application to become non-responsive. |
Protection Overview
This protection will detect and block attempts to transfer malformed RTMP packets sent to the vulnerable server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.