|
|
CVE Reference: CVE-2007-5824 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-5824 |
|
|
Description: webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/38242 http://xforce.iss.net/xforce/xfdb/38241 SAID Secunia Advisory: SA28269 Secunia Advisory: SA30661 MISC http://bugs.gentoo.org/show_bug.cgi?id=200110 MILW0RM http://www.milw0rm.com/exploits/4600 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml DEBIAN http://www.debian.org/security/2008/dsa-1597 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483211/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483210/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483215/100/0/threaded BID 26309 |
|
| Return to the previous page. |
