|
Fenice HTTP Request Handling Two Vulnerabilities
|
|
Secunia Advisory:
|
SA19770
|
|
|
Release Date:
|
2006-04-24
|
|
Last Update:
|
2006-04-28
|
|
Popularity:
|
4,973 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Fenice 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-2022
CVE-2006-2023
|
|
Description:
Luigi Auriemma has reported two vulnerabilities in Fenice, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
1) A boundary error exists within the parsing of the RTSP URL received from a client. This can be exploited to cause a buffer overflow and may allow arbitrary code execution.
2) An input validation error exists within the handling of the Content-Length HTTP header received from a client. This can be exploited to cause out-of-bounds memory access, which crashes the server via an overly large Content-Length value.
The vulnerabilities have been reported in version 1.10 and in the CVS version dated 2005-07-26. Prior versions may also be affected.
Solution:
A patch will reportedly be released soon.
Restrict access to trusted users only.
Provided and/or discovered by:
Luigi Auriemma
Changelog:
2006-04-28: Added CVE references.
Original Advisory:
http://aluigi.altervista.org/adv/fenicex-adv.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
