FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5824

This CVE name corresponds to:

Entered Topic
2007-11-12 mt-daapd -- denial of service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-5824
Phase Assigned (20071105)

Description

webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.

References

Source Reference
BUGTRAQ 20071102 Re: [UPH-07-01] Firefly Media Server DoS
BUGTRAQ 20071102 [UPH-07-01] Firefly Media Server DoS
BUGTRAQ 20071102 [UPH-07-02] Firefly Media Server DoS
MILW0RM 4600
MISC http://bugs.gentoo.org/show_bug.cgi?id=200110
CONFIRM http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679
DEBIAN DSA-1597
GENTOO GLSA-200712-18
BID 26309
SECUNIA 28269
SECUNIA 30661
XF firefly-decodepassword-dos(38242)
XF firefly-getheaders-dos(38241)