Full Disclosure mailing list archives
DDIVRT-2008-18 Orb Denial of Service
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Thu, 4 Dec 2008 09:03:00 -0600
Title ----- DDIVRT-2008-18 Orb Denial of Service Severity -------- Medium Date Discovered --------------- October 21st 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and r@b13$ Vulnerability Description ------------------------- Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed http requests may crash the service denying service to legitimate users. Solution Description -------------------- Use firewall rules to restrict access to authorized users of the Orb server. This issue has been fixed in version 2.01.0025, which is available on Orb's website. Tested Systems / Software (with versions) ------------------------------------------ Orb version 2.01.0017 on Windows XP Pro SP2 Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2 Orb version 2.01.0020 on Windows XP Pro SP2 Vendor Contact -------------- Orb Networks http://www.orb.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DDIVRT-2008-18 Orb Denial of Service DDI_Vulnerability_Alert (Dec 04)