[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [UPH-07-03] Firefly Media Server remote format string vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [UPH-07-03] Firefly Media Server remote format string vulnerability
- From: nnp <version5@xxxxxxxxx>
- Date: Fri, 2 Nov 2007 11:03:42 -0700
Hrm, it appears something got messed up in the body of that email.
Check the attached .txt for the correct version of the advisory.
--nnp
On 11/2/07, nnp <version5@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [UPH-07-02]
> UnprotectedHex.com security advisory [07-02]
> Discovered by nnp
>
> Discovered : 1 August 2007
> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote format string
>
> Affected product : mt-dappd/Firefly Media Server
> Version : request_vars,"HTTP_USER",username);
> ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);
>
>
> int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) {
> ...
> va_start(ap,fmt);
> vsnprintf(value,sizeof(value),fmt,ap);
> va_end(ap);
>
>
> Proof of concept code : Yes
>
>
> - --
> http://www.smashthestack.org
> http://www.unprotectedhex.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: http://firegpg.tuxfamily.org
>
> iD8DBQFHK8b8bP10WPHfgnQRAoYPAKCfzLo5QPxDKBbOI8Hl+hTnKS5OWACgoOmq
> CM98n8wCZ3AVdi2/vVPhnzk=
> =lrAq
> -----END PGP SIGNATURE-----
>
>
--
http://www.smashthestack.org
http://www.unprotectedhex.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/