Re: [UPH-07-03] Firefly Media Server remote format string vulnerability

From: nnp <version5@gmail.com>
To: full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Cc:
Subject: Re: [UPH-07-03] Firefly Media Server remote format string vulnerability
Date:


Hrm, it appears something got messed up in the body of that email.
Check the attached .txt for the correct version of the advisory.

--nnp

On 11/2/07, nnp <version5@gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [UPH-07-02]
> UnprotectedHex.com security advisory [07-02]
> Discovered by nnp
>
> Discovered : 1 August 2007
> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote format string
>
> Affected product : mt-dappd/Firefly Media Server
> Version : request_vars,"HTTP_USER",username);
>     ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);
>
>
> int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) {
> ...
>     va_start(ap,fmt);
>     vsnprintf(value,sizeof(value),fmt,ap);
>     va_end(ap);
>
>
> Proof of concept code : Yes
>
>
> - --
> http://www.smashthestack.org
> http://www.unprotectedhex.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: http://firegpg.tuxfamily.org
>
> iD8DBQFHK8b8bP10WPHfgnQRAoYPAKCfzLo5QPxDKBbOI8Hl+hTnKS5OWACgoOmq
> CM98n8wCZ3AVdi2/vVPhnzk=
> =lrAq
> -----END PGP SIGNATURE-----
>
>


-- 
http://www.smashthestack.org
http://www.unprotectedhex.com





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.