Fenice OMS Server HTTP RTSP_msg_len Negative Value DoS

2006-04-23T10:47:37
ID OSVDB:24882
Type osvdb
Reporter Luigi Auriemma (aluigi@autistici.org)
Modified 2006-04-23T10:47:37

Description

Vulnerability Description

Fenice contains a flaw that may allow a remote denial of service. The issue is triggered when an HTTP Content-Length header with a large value such as 2147483647 is sent, and results in loss of availability for the service.

Solution Description

Upgrade to version 1.11 (svn r353 - 2006-06-06) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

GET / HTTP/1.0
Content-Length: 4294967295
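
For maintainers of similar request parsers, the following added example (not Fenice's code and not the vendor's fix) shows a Content-Length check that rejects the two values quoted in this entry, and how such values turn negative once held in a signed 32-bit length. The names `parse_content_length`, `as_int32` and the `MAX_BODY_LEN` cap are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this example; not a value taken from Fenice. */
#define MAX_BODY_LEN 65536UL

/* Value a signed 32-bit length field would hold after storing v.
 * The wraparound is computed explicitly so the demo has no undefined behaviour. */
static int64_t as_int32(uint64_t v)
{
    uint32_t low = (uint32_t)v;
    return low > INT32_MAX ? (int64_t)low - 4294967296LL : (int64_t)low;
}

/* Parse a Content-Length value. Returns 0 and stores the length in *out,
 * or -1 if the value is not pure decimal, overflows, or exceeds the cap. */
static int parse_content_length(const char *s, size_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;                      /* rejects "", "-1", "+5", " 7" */
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                      /* overflow or trailing junk */
    if (v > MAX_BODY_LEN)
        return -1;                      /* larger than any body we accept */
    *out = (size_t)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs; the two large values are the ones quoted in this entry. */
    const char *samples[] = { "512", "2147483647", "4294967295", "-1", "12abc" };
    size_t n;
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s -> %s\n", samples[i],
               parse_content_length(samples[i], &n) == 0 ? "accepted" : "rejected");
    printf("4294967295 as int32: %lld\n", (long long)as_int32(4294967295ULL));
    printf("2147483647 + 1 as int32: %lld\n", (long long)as_int32(2147483647ULL + 1));
    return 0;
}
```

The length is kept in an unsigned type and compared against the cap before any arithmetic or buffer sizing uses it, so it never reaches a signed field where it could wrap.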

References:

Vendor URL: http://streaming.polito.it/server
Secunia Advisory ID: 19770
Related OSVDB ID: 24881
Other Advisory URL: http://aluigi.altervista.org/adv/fenicex-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0638.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0023.html
FrSIRT Advisory: ADV-2006-1491
CVE-2006-2023
Bugtraq ID: 17678