Nero MediaHome image from nero.com
Nero MediaHome version 4.5.8.0 is vulnerable to perform remote DoS (Denial-of-service) attacks. This could be exploited by an attacker to crash the server remotely.
The vulnerability exists due to improper handling of the URI length within the "NMMediaServer.dll" dynamic-link library. A remote attacker can send a specially crafted 1) HTTP request of at least 500'000 characters long 2) HTTP HEAD request of at least 265'696 characters long to port 54444/TCP (Nero MediaHome server's default port) and cause 1) a stack-based buffer overrun 2) a heap-based buffer overrun that will immediately crash the Nero MediaHome server.
The vulnerability exists due to improper handling of the 1) HTTP OPTIONS method length 2) HTTP REFERER header length within the "NMMediaServer.dll" dynamic-link library. A remote attacker can send a specially crafted packet of 1) at least 265'712 characters long 2) at least 265'566 characters long to port 54444/TCP and cause a heap-based buffer overrun that will immediately crash the Nero MediaHome server.
The vulnerability exists due to improper handling of the HTTP HOST header within the "NMMediaServer.dll" dynamic-link library. A remote attacker can send a specially crafted packet with missing HOST HTTP header. The Nero MediaHome server HTTP parser will crash immediately after receiving the aforementioned malformed HTTP request.
All details are available on High-Tech Bridge Advisory HTB23130 - Nero MediaHome Server Multiple Remote DoS vulnerabilities.
No comments:
Post a Comment