4 matches found
GLSA-200712-18 : Multi-Threaded DAAP Daemon: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200712-18 (Multi-Threaded DAAP Daemon: Multiple vulnerabilities). nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg function contains a format string vulnerability, as it does not...
Authorization
webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a...
CVE-2007-5824
CVE-2007-5824, CVE-2007-5825 and CVE-2008-1771 affect mt-daapd (Firefly Media Server) and its web/XML-RPC handling. The issues include: (1) insufficient validation and bounds checking of the Authorization HTTP header leading to a heap buffer overflow; (2) format string vulnerabilities in debug lo...
Firefly Media Server webserver.c ws_addarg Function /xml-rpc Authorization Header Remote Format String
The remote host is running Firefly Media Server, also known as mt-daapd, a media streaming server. The version of Firefly Media Server installed on the remote host apparently fails to sanitize user-supplied input before using it as the format string in a call to 'vsnprintf' in 'src/webserver.c'...