Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18351
HistoryNov 06, 2007 - 12:00 a.m.

[UPH-07-02] Firefly Media Server DoS

2007-11-0600:00:00
vulners.com
9
JSON

[UPH-07-02]
UnprotectedHex.com security advisory [07-02]
Discovered by nnp

Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007

Vulnerability class : Remote DoS

Affected product : mt-dappd/Firefly Media Server
Version : <= 0.2.4
Product details:
www.fireflymediaserver.org/
'''
The purpose of this project is built the best server software to serve digital music to
the Roku Soundbridge and iTunes; to be able to serve the widest variety of digital music
content over the widest range of devices
'''

File/Function/line : webserver.c/ws_decodepassword/1399

Cause: Null pointer dereference. There is an unchecked increment of the 'header'
variable until a space character is encountered. If a space character is not encountered
the pointer is incremented/dereferenced until out of bounds memory is hit. Exploiting
this depends on the state of memory at the time so the exploit constantly sends a header
with no data as part of the authorization header until a crash occurs. This typically
occurs within seconds.

/* xlat table is initialized */
while&#40;*header != &#39; &#39;&#41;
header++;

Proof of concept code : Yes

JSON