media server

[ GLSA 200803-22 ] LIVE555 Media Server: Denial of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: LIVE555 Media Server: Denial of Service
      Date: March 13, 2008
      Bugs: #204065
        ID: 200803-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

iDefense Security Advisory 02.12.08: Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities

http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008

I. BACKGROUND

Adobe Flash Media Server is an application server for Flash based
applications. It provides an environment to run interactive media
applications, as well as audio and video streaming functionality. More
information can be found at the vendor's web site at the following URL.

http://www.adobe.com/products/flashmediaserver/

iDefense Security Advisory 02.12.08: Adobe Flash Media Server 2 Memory Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008

I. BACKGROUND

Adobe Flash Media Server is an application server for Flash based
applications. It provides an environment to run interactive media
applications, as well as audio and video streaming functionality. More
information can be found at the vendor's web site at the following URL.

http://www.adobe.com/products/flashmediaserver/

Crash in LIVE555 Media Server 2007.11.01

#######################################################################

                             Luigi Auriemma

Application:  LIVE555 Media Server
              http://www.live555.com/mediaServer/
Versions:     <= 2007.11.01
Platforms:    *nix, Windows, Mac and others
Bug:          crash caused by access to unallocated memory
Exploitation: remote, versus server

[UPH-07-03] Firefly Media Server remote format string vulnerability

Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007

Vulnerability class : Remote format string

Affected product : mt-dappd/Firefly Media Server
Version : request_vars,"HTTP_USER",username);
    ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);


int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) {

[UPH-07-02] Firefly Media Server DoS

Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007

Vulnerability class : Remote DoS

Affected product : mt-dappd/Firefly Media Server
Version : <= 0.2.4

Product details:
www.fireflymediaserver.org/
'''

[UPH-07-01] Firefly Media Server DoS

Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007

Vulnerability class : Remote DoS

Affected product : mt-dappd/Firefly Media Server
Version : threadno,first);
    } else {
        while(*last==' ')
            last++;


Re: [UPH-07-03] Firefly Media Server remote format string vulnerability

> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote format string
>
> Affected product : mt-dappd/Firefly Media Server
> Version : request_vars,"HTTP_USER",username);
>     ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);
>
>
> int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) {

Re: [UPH-07-01] Firefly Media Server DoS

> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote DoS
>
> Affected product : mt-dappd/Firefly Media Server
> Version : threadno,first);
>     } else {
>         while(*last==' ')
>             last++;
>

Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699

#######################################################################

                             Luigi Auriemma

Application:  Firefly Media Server (mt-daapd)
              http://www.fireflymediaserver.org
Versions:     <= 2.4.1 and SVN <= 1699
Platforms:    *nix, Windows, Mac and others
Bugs:         A] partial directory traversal on Windows
              B] authentication bypass on Windows

[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5328
CVE-2007-5329 - dbasvr memory corruption
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5329
CVE-2007-5330 - RPC service memory corruption
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5330
CVE-2007-5331 - lqserver and media server memory corruption
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5331
CVE-2007-5332 - mediasvr and caloggerd memory corruption
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5332
OSVDB References: Pending
http://osvdb.org/

[ GLSA 200712-18 ] Multi-Threaded DAAP Daemon: Multiple vulnerabilities

Background
==========

Multi-Threaded DAAP Daemon (mt-daapd), also known as the Firefly Media
Server, is a software to serve digital music to the Roku Soundbridge
and Apple's iTunes.

Affected packages
=================


[security bulletin] HPSBMA02323 SSRT080032 rev.1 - HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection

ProLiant DL580G4; ProLiant DL580G5; ProLiant DL585G2; ProLiant DL585G5 
ProLiant ML110G4; ProLiant ML110G5; ProLiant ML115; ProLiant ML115G5; ProLiant ML150G3; ProLiant ML150G5
ProLiant ML310G4; ProLiant ML310G5; ProLiant ML350G5; ProLiant ML370G5 
ProLiant ML570G4 
IP Console Switch with virtual media 
Server Console switch 
Server Console Switch with virtual media 
TFT7600 (USB Pass-through) 
1U Rackmount Keyboard with USB 

BACKGROUND

Cert-Lexsi - Microsoft Windows Media Services MMS Buffer Overflow Vulnerability

 
- ----------
1. Software Description (from vendor)
- ----------
Windows Media Services is a Windows server component that enables
content to be streamed from a Windows Media server to Windows Media
clients over the Internet or over an intranet. Clients who receive the
content can render, as in play or display, it as it is being received
without first downloading the content.
 
- ----------

Cisco Security Advisory: Active Template Library (ATL) Vulnerability

  * Cisco Secure Desktop
  * Cisco Security Agent
  * Cisco Security Monitoring, Analysis and Response System (MARS)
  * Cisco SSL VPN Client (SVC)
  * Cisco Unified Contact Center Express (Unified CCX)
  * Cisco Video Surveillance Media Server (VSMS)
  * CiscoWorks LAN Management Solution (LMS)
  * WebEx

Details
=======

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

|----------------------------+-------------------------------|
| Cisco Video Portal         | CSCtd04097                    |
|                            |                               |
|----------------------------+-------------------------------|
| Cisco Video Surveillance   | CSCtd02831                    |
| Media Server Software      |                               |
|----------------------------+-------------------------------|
| Cisco Video Surveillance   | CSCtd02780                    |
| Operations Manager         |                               |
| Software                   |                               |
|----------------------------+-------------------------------|

[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities

Debian-specific: no
CVE Id(s)      : CVE-2007-5824 CVE-2007-5825 CVE-2008-1771
Debian Bug     : 459961 476241

Three vulnerabilities have been discovered in the mt-daapd DAAP audio
server (also known as the Firefly Media Server).  The Common
Vulnerabilities and Exposures project identifies the following three
problems:

CVE-2007-5824


[SECURITY] [DSA-1597-2] New mt-daapd package fix regression

preventing successful authentication to the administration interface.
An updated release is available which corrects this problem.  For
reference, the original advisory text follows.

Three vulnerabilities have been discovered in the mt-daapd DAAP audio
server (also known as the Firefly Media Server).  The Common
Vulnerabilities and Exposures project identifies the following three
problems:

CVE-2007-5824


DDIVRT-2008-18 Orb Denial of Service

Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@b13$

Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed HTTP requests may crash the service, denying service to legitimate users.

Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb server.
This issue has been fixed in version 2.01.0025, which is available on Orb's website.

TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
Title:    TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities

Product:  TwonkyMedia Server
Vendor:   TwonkyMedia (PacketVideo Corporation), http://www.twonkymedia.com

Author:   Davide Canali


