Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:4F44BB9B106D32B4E5A9989D23C2AB87
HistoryJun 02, 2017 - 12:00 a.m.

USN-3283-1: rtmpdump vulnerabilities | Cloud Foundry

2017-06-0200:00:00
Cloud Foundry
www.cloudfoundry.org
31

EPSS

0.033

Percentile

91.3%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • 3263.x versions prior to 3263.26
    • 3312.x versions prior to 3312.26
    • 3363.x versions prior to 3363.24
    • All other stemcells not listed.
  • All versions of Cloud Foundry cflinuxfs2 prior to 1.119.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    • Upgrade 3263.x versions to 3263.26 or later
    • Upgrade 3312.x versions to 3312.26 or later
    • Upgrade 3363.x versions to 3363.24 or later
    • All other stemcells should be upgraded to the latest version.
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.119.0 or later.

References

Related

osv 2
debian 2
nessus 4
openvas 5
ubuntu 2
veracode 3
talos 3
ubuntucve 3
nvd 3
debiancve 3
cve 3
prion 3
cvelist 3
threatpost 1
osv
osv
rtmpdump - security update
2017-05-12 00:00:00
rtmpdump - security update
2017-04-25 00:00:00
debian
debian
[SECURITY] [DSA 3850-1] rtmpdump security update
2017-05-12 21:01:17
[SECURITY] [DLA 917-1] rtmpdump security update
2017-04-25 22:15:21
nessus
nessus
Debian DSA-3850-1 : rtmpdump - security update
2017-05-15 00:00:00
Ubuntu 12.04 LTS : rtmpdump vulnerabilities (USN-3283-2)
2017-05-24 00:00:00
Debian DLA-917-1 : rtmpdump security update
2017-04-26 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3850-1)
2017-05-11 00:00:00
Debian: Security Advisory (DLA-917-1)
2018-01-16 00:00:00
Ubuntu: Security Advisory (USN-3283-1)
2017-05-10 00:00:00
ubuntu
ubuntu
rtmpdump vulnerabilities
2017-05-23 00:00:00
rtmpdump vulnerabilities
2017-05-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-12-06 04:42:46
Denial Of Service (DoS)
2020-12-06 04:42:46
Remote Code Execution (RCE)
2020-12-06 04:42:47
talos
talos
RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability
2016-01-07 00:00:00
RTMPDump rtmpsrv PlayPath Null Pointer Dereference
2016-01-07 00:00:00
RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability
2016-01-07 00:00:00
ubuntucve
ubuntucve
CVE-2015-8270
2017-04-13 00:00:00
CVE-2015-8272
2017-04-13 00:00:00
CVE-2015-8271
2017-04-13 00:00:00
nvd
nvd
CVE-2015-8270
2017-04-13 14:59:00
CVE-2015-8272
2017-04-13 14:59:01
CVE-2015-8271
2017-04-13 14:59:01
debiancve
debiancve
CVE-2015-8272
2017-04-13 14:59:01
CVE-2015-8270
2017-04-13 14:59:00
CVE-2015-8271
2017-04-13 14:59:01
cve
cve
CVE-2015-8272
2017-04-13 14:59:01
CVE-2015-8270
2017-04-13 14:59:00
CVE-2015-8271
2017-04-13 14:59:01
prion
prion
Null pointer dereference
2017-04-13 14:59:00
Null pointer dereference
2017-04-13 14:59:00
Code injection
2017-04-13 14:59:00
cvelist
cvelist
CVE-2015-8270
2017-04-13 14:00:00
CVE-2015-8272
2017-04-13 14:00:00
CVE-2015-8271
2017-04-13 14:00:00
threatpost
threatpost
Popular Apps on Google Play Store Remain Unpatched
2019-11-21 12:05:58

EPSS

0.033

Percentile

91.3%

JSON
Related for CFOUNDRY:4F44BB9B106D32B4E5A9989D23C2AB87
osv2debian2nessus4openvas5ubuntu2veracode3talos3ubuntucve3nvd3debiancve3cve3prion3cvelist3threatpost1