giFT-FastTrack HTTP Header Parsing DoS

2004-06-24T00:00:00
ID OSVDB:7266
Type osvdb
Reporter Alan Fitton()
Modified 2004-06-24T00:00:00

Description

Vulnerability Description

giFT-FastTrack contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL pointer involving HTTP header parsing gets dereferenced, and will result in loss of availability for the service.

Solution Description

Upgrade to version 0.8.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

giFT-FastTrack contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL pointer involving HTTP header parsing gets dereferenced, and will result in loss of availability for the service.

References:

Vendor URL: http://gift-fasttrack.berlios.de/ Vendor Specific Advisory URL Secunia Advisory ID:11942 Secunia Advisory ID:11941 ISS X-Force ID: 16508 Generic Informational URL: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/gift-fasttrack/giFT-FastTrack/ChangeLog?rev=1.24&content-type=text/vnd.viewcvs-markup CVE-2004-0604 Bugtraq ID: 10604