CVE-2007-5824
Published: 5 November 2007
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.
Priority
Status
Package | Release | Status |
---|---|---|
mt-daapd Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(0.9~r1696-1.1)
|
|
intrepid |
Not vulnerable
(0.9~r1696-1.3build1)
|
|
upstream |
Released
(0.9~r1696-1.1)
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1597 |