Bugtraq mailing list archives
[UPH-07-03] Firefly Media Server remote format string vulnerability
From: nnp <version5 () gmail com>
Date: Fri, 2 Nov 2007 11:00:12 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [UPH-07-02] UnprotectedHex.com security advisory [07-02] Discovered by nnp Discovered : 1 August 2007 Reported to the vendor : 13 October 2007 Fixed by vendor : 21 October 2007 Vulnerability class : Remote format string Affected product : mt-dappd/Firefly Media Server Version : request_vars,"HTTP_USER",username); ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password); int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) { ... va_start(ap,fmt); vsnprintf(value,sizeof(value),fmt,ap); va_end(ap); Proof of concept code : Yes - -- http://www.smashthestack.org http://www.unprotectedhex.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: http://firegpg.tuxfamily.org iD8DBQFHK8b8bP10WPHfgnQRAoYPAKCfzLo5QPxDKBbOI8Hl+hTnKS5OWACgoOmq CM98n8wCZ3AVdi2/vVPhnzk= =lrAq -----END PGP SIGNATURE-----
Attachment:
uph0703.py
Description:
Attachment:
uph0703.txt
Description:
Current thread:
- [UPH-07-03] Firefly Media Server remote format string vulnerability nnp (Nov 02)