Summary
Nero MediaHome Server is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause the application to crash, creating a denial-of-service condition.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Multiple flaws are due to improper handling of the URI length, HTTP OPTIONS method length, HTTP HEAD request, HTTP REFERER and HTTP HOST header within the 'NMMediaServer.dll' in dynamic-link library which allows attackers to cause denial of service condition by sending a specially crafted packet to port 54444/TCP.
Affected
Nero MediaHome Server version 4.5.8.100 and prior
Detection
This test works by sending a big size request to the target service listening on port 54444/TCP and checking that the target service is dead.
References
Severity
Classification
-
CVE CVE-2012-5876, CVE-2012-5877 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
- Adobe Acrobat PDF File Denial Of Service Vulnerability
- FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
- CUPS IPP Packets Processing Denial of Service Vulnerability
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)