Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200712-18
HistoryDec 29, 2007 - 12:00 a.m.

Multi-Threaded DAAP Daemon: Multiple vulnerabilities

2007-12-2900:00:00
Gentoo Foundation
security.gentoo.org
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.105 Low

EPSS

Percentile

95.0%

JSON

Background

Multi-Threaded DAAP Daemon (mt-daapd), also known as the Firefly Media Server, is a software to serve digital music to the Roku Soundbridge and Apple’s iTunes.

Description

nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the “Authorization: Basic” HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ‘:’ character, leading to NULL pointer dereferences (CVE-2007-5824).

Impact

A remote attacker could send specially crafted HTTP requests to the web server in the Multi-Threaded DAAP Daemon, possibly leading to the execution of arbitrary code with the privileges of the user running the web server or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Multi-Threaded DAAP Daemon users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/mt-daapd-0.2.4.1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/mt-daapd< 0.2.4.1UNKNOWN

Related

openvas 6
nessus 4
osv 1
debian 3
securityvulns 1
ubuntucve 2
cve 2
prion 2
freebsd 1
openvas
openvas
Gentoo Security Advisory GLSA 200712-18 (mt-daapd)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200712-18 (mt-daapd)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1597-1)
2008-06-27 00:00:00
nessus
nessus
GLSA-200712-18 : Multi-Threaded DAAP Daemon: Multiple vulnerabilities
2007-12-31 00:00:00
Debian DSA-1597-2 : mt-daapd - multiple vulnerabilities
2008-06-16 00:00:00
Firefly Media Server webserver.c ws_addarg Function /xml-rpc Authorization Header Remote Format String
2007-11-03 00:00:00
osv
osv
mt-daapd - several vulnerabilities
2008-06-12 00:00:00
debian
debian
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
2008-06-12 17:10:44
[SECURITY] [DSA-1597-2] New mt-daapd package fix regression
2008-08-30 17:33:39
[SECURITY] [DSA-1597-2] New mt-daapd package fix regression
2008-08-30 17:33:46
securityvulns
securityvulns
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
2008-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2007-5825
2007-11-05 00:00:00
CVE-2007-5824
2007-11-05 00:00:00
cve
cve
CVE-2007-5825
2007-11-05 19:46:00
CVE-2007-5824
2007-11-05 19:46:00
prion
prion
Authorization
2007-11-05 19:46:00
Format string
2007-11-05 19:46:00
freebsd
freebsd
mt-daapd -- denial of service vulnerability
2007-11-05 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.105 Low

EPSS

Percentile

95.0%

JSON
Related for GLSA-200712-18
openvas6nessus4osv1debian3securityvulns1ubuntucve2cve2prion2freebsd1