CVE-2007-5824 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5824
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5824

Description: webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/38242 http://xforce.iss.net/xforce/xfdb/38241 SAID Secunia Advisory: SA28269 Secunia Advisory: SA30661 MISC http://bugs.gentoo.org/show_bug.cgi?id=200110 MILW0RM http://www.milw0rm.com/exploits/4600 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml DEBIAN http://www.debian.org/security/2008/dsa-1597 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483211/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483210/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483215/100/0/threaded BID 26309

Return to the previous page.