Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv2

CVE-2007-5824

Published: 05/11/2007 Updated: 15/10/2018
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 715
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Media Server

Vulnerability Summary

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and previous versions allows remote malicious users to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.

Vulnerable Product Search on Vulmon Subscribe to Product

firefly media server

Vendor Advisories

Debian Security Advisories: DSA-1597-2 mt-daapd -- multiple vulnerabilities
Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server) The Common Vulnerabilities and Exposures project identifies the following three problems: CVE-2007-5824 Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentia ...

Exploits

Exploit DB: Firefly Media Server 0.2.4 - Remote Denial of Service
#!C:\python25\python25exe """ Advisory : [UPH-07-02] mt-dappd/Firefly media server remote DoS Discovered by nnp wwwunprotectedhexcom """ import sys import socket import time if len(sysargv) != 3: sysexit(-1) kill_msg = """GET /xml-rpc?method=stats HTTP/11\r\n Authorization:\r\n\r\n""" host = sysargv[1] port = sysargv[2] pr ...

References

CWE-20http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679http://www.securityfocus.com/bid/26309http://bugs.gentoo.org/show_bug.cgi?id=200110http://www.gentoo.org/security/en/glsa/glsa-200712-18.xmlhttp://secunia.com/advisories/28269http://www.debian.org/security/2008/dsa-1597http://secunia.com/advisories/30661https://exchange.xforce.ibmcloud.com/vulnerabilities/38242https://exchange.xforce.ibmcloud.com/vulnerabilities/38241https://www.exploit-db.com/exploits/4600http://www.securityfocus.com/archive/1/483215/100/0/threadedhttp://www.securityfocus.com/archive/1/483211/100/0/threadedhttp://www.securityfocus.com/archive/1/483210/100/0/threadedhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-1597https://www.exploit-db.com/exploits/4600/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook