Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New mt-daapd package fix regression
Informations
Name DSA-1597 First vendor Publication 2008-06-12
Vendor Debian Last vendor Modification 2008-08-30
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

In DSA-1597-1, an update was announced for multiple vulnerabilities in the mt-daapd audio server. One of the fixes introduced a regression preventing successful authentication to the administration interface. An updated release is available which corrects this problem. For reference, the original advisory text follows.

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems:

CVE-2007-5824

Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code.

CVE-2007-5825

Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code.

CVE-2008-1771

An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.

For the stable distribution (etch), these problems have been fixed in version 0.2.4+r1376-1.1+etch2.

We recommend that you upgrade your mt-daapd package.

Original Source

Url : http://www.debian.org/security/2008/dsa-1597

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)
33 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)
33 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20294
 
Oval ID: oval:org.mitre.oval:def:20294
Title: DSA-1597-1 mt-daapd - several vulnerabilities
Description: Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server).
Family: unix Class: patch
Reference(s): DSA-1597-1
CVE-2007-5824
CVE-2007-5825
CVE-2008-1771
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): mt-daapd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8291
 
Oval ID: oval:org.mitre.oval:def:8291
Title: DSA-1597 mt-daapd -- multiple vulnerabilities
Description: Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems: Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code. Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code. An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-1597
CVE-2007-5824
CVE-2007-5825
CVE-2008-1771
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): mt-daapd
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1

OpenVAS Exploits

Date Description
2009-02-17 Name : Fedora Update for mt-daapd FEDORA-2008-3250
File : nvt/gb_fedora_2008_3250_mt-daapd_fc8.nasl
2009-02-17 Name : Fedora Update for mt-daapd FEDORA-2008-4126
File : nvt/gb_fedora_2008_4126_mt-daapd_fc9.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200712-18 (mt-daapd)
File : nvt/glsa_200712_18.nasl
2008-09-04 Name : FreeBSD Ports: mt-daapd
File : nvt/freebsd_mt-daapd.nasl
2008-09-04 Name : FreeBSD Ports: mt-daapd
File : nvt/freebsd_mt-daapd0.nasl
2008-06-28 Name : Debian Security Advisory DSA 1597-1 (mt-daapd)
File : nvt/deb_1597_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45286 Firefly Media Server webserver.c ws_addarg Function /xml-rpc Authorization He...
44448 Firefly Media Server ws_getpostvars Function Content-Length Header HTTP Reque...

Nessus® Vulnerability Scanner

Date Description
2008-06-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1597.nasl - Type : ACT_GATHER_INFO
2008-05-20 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4126.nasl - Type : ACT_GATHER_INFO
2008-05-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_86a4d810188411dda9140016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-04-25 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3250.nasl - Type : ACT_GATHER_INFO
2008-04-23 Name : The remote web server is affected by an integer overflow vulnerability.
File : firefly_content_overflow.nasl - Type : ACT_ATTACK
2007-12-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200712-18.nasl - Type : ACT_GATHER_INFO
2007-11-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a7080c3091a211dcb2eb00b0d07e6c7e.nasl - Type : ACT_GATHER_INFO
2007-11-03 Name : The remote web server is affected by a format string vulnerability.
File : firefly_format_string.nasl - Type : ACT_MIXED_ATTACK

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:27:43
  • Multiple Updates