Home / vulnerabilities

PDF

uph0701.txt

Posted on 03 November 2007
Source : packetstormsecurity.org Link

 

[UPH-07-01]
UnprotectedHex.com security advisory [07-01]
Discovered by nnp

Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007

Vulnerability class : Remote DoS

Affected product : mt-dappd/Firefly Media Server
Version : <= 0.2.4
Product details:
www.fireflymediaserver.org/
'''
The purpose of this project is built the best server software to serve digital music to the Roku Soundbridge and iTunes; to be able to serve the widest variety of digital music content over the widest range of devices
'''

File/Function/line : webserver.c/ws_getheaders/631

Cause : Null pointer dereference. Any header that contains a line (not the first line) that does not contain a ':' will result in a null pointer dereference as strsep(&last, ':') will assign NULL to the variable 'last' and the code then attempts to dereference 'last'.

strsep(&last,":");

if(last==first) {
DPRINTF(E_WARN,L_WS,"Thread %d: Invalid header: %s
",
pwsc->threadno,first);
} else {
while(*last==' ')
last++;

Proof of concept code : Yes

 

TOP