[UPH-07-03] Firefly Media Server remote format string vulnerability

UPH-07-02 UnprotectedHex.com security advisory 07-02 Discovered by nnp Discovered : 1 August 2007 Reported to the vendor : 13 October 2007 Fixed by vendor : 21 October 2007 Vulnerability class : Remote format string Affected product : mt-dappd/Firefly Media Server Version : = 0.2.4 Product detail...

Firefly Media Server webserver.c ws_addarg Function /xml-rpc Authorization Header Remote Format String

The remote host is running Firefly Media Server, also known as mt-daapd, a media streaming server. The version of Firefly Media Server installed on the remote host apparently fails to sanitize user-supplied input before using it as the format string in a call to 'vsnprintf'' in 'src/webserver.c'...