|
Feng Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA28229
|
|
|
Release Date:
|
2007-12-28
|
|
Last Update:
|
2008-01-04
|
|
Popularity:
|
6,027 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Feng 0.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2007-6626
CVE-2007-6627
CVE-2007-6628
CVE-2007-6629
|
|
Description:
Luigi Auriemma has reported some vulnerabilities in Feng, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
1) Two boundary errors exist within the "RTSP_valid_response_msg()" function in rtsp/RTSP_state_machine.c. These can be exploited to cause stack-based buffer overflows via specially crafted RTSP response messages.
Successful exploitation may allow execution of arbitrary code.
2) An integer overflow error exists within the "RTSP_remove_msg()" function in rtsp/RTSP_lowlevel.c. This can be exploited to crash an affected server via a specially crafted RTP packet.
3) Multiple NULL pointer dereference errors exist within the "parse_transport_header()" function in rtsp/RTSP_setup.c. These can be exploited to crash an affected server via specially crafted RTSP transport headers.
4) A NULL pointer dereference error exists within the "parse_play_time_range()" function in rtsp/RTSP_play.c. This can be exploited to crash an affected server via an RTSP range header containing a "time" field without a '=' character.
5) A NULL pointer dereference error exists within the "log_user_agent()" function in rtsp/RTSP_utils.c. This can be exploited to crash an affected server via a "User-Agent" field without a terminating '\n' character.
The vulnerabilities are reported in version 0.1.15. Other versions may also be affected.
Solution:
The vendor will reportedly release a fixed version soon. Restrict access to trusted users only.
Provided and/or discovered by:
Luigi Auriemma
Changelog:
2008-01-04: Added CVE reference.
Original Advisory:
http://aluigi.altervista.org/adv/fengulo-adv.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
