Full Disclosure mailing list archives
Re: [UPH-07-03] Firefly Media Server remote format string vulnerability
From: nnp <version5 () gmail com>
Date: Fri, 2 Nov 2007 11:03:42 -0700
Hrm, it appears something got messed up in the body of that email. Check the attached .txt for the correct version of the advisory.

--nnp

On 11/2/07, nnp <version5 () gmail com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[UPH-07-02]
UnprotectedHex.com security advisory [07-02]
Discovered by nnp

Discovered : 1 August 2007
Reported to the vendor : 13 October 2007
Fixed by vendor : 21 October 2007
Vulnerability class : Remote format string
Affected product : mt-dappd/Firefly Media Server
Version : request_vars,"HTTP_USER",username);
ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);

int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) {
...
va_start(ap,fmt);
vsnprintf(value,sizeof(value),fmt,ap);
va_end(ap);

Proof of concept code : Yes

- --
http://www.smashthestack.org
http://www.unprotectedhex.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHK8b8bP10WPHfgnQRAoYPAKCfzLo5QPxDKBbOI8Hl+hTnKS5OWACgoOmq
CM98n8wCZ3AVdi2/vVPhnzk=
=lrAq
-----END PGP SIGNATURE-----
--
http://www.smashthestack.org
http://www.unprotectedhex.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
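
The call pattern quoted in the advisory, next to its hardened form, as an added example that is not part of the original post or of the Firefly source. `struct demo_arg`, `demo_addarg`, `store_unsafe`, `store_safe`, `stored_verbatim` and the `CHECK_FORMAT` macro are hypothetical names for this sketch, and the sample username is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the advisory's ARGLIST entry and ws_addarg(). */
struct demo_arg { char key[32]; char value[64]; };

#ifdef CHECK_FORMAT /* build with -DCHECK_FORMAT -Wformat-security */
__attribute__((format(printf, 3, 4)))
#endif
static int demo_addarg(struct demo_arg *root, const char *key, const char *fmt, ...)
{
    va_list ap;
    snprintf(root->key, sizeof(root->key), "%s", key);
    va_start(ap, fmt);   /* same expansion as in the advisory excerpt */
    int n = vsnprintf(root->value, sizeof(root->value), fmt, ap);
    va_end(ap);
    return n;
}

/* Pattern from the advisory: request data sits in the format slot. */
static void store_unsafe(struct demo_arg *root, const char *username)
{
    demo_addarg(root, "HTTP_USER", username);
}

/* Hardened form: constant format, request data passed only as an argument. */
static void store_safe(struct demo_arg *root, const char *username)
{
    demo_addarg(root, "HTTP_USER", "%s", username);
}

/* Returns 1 when the stored value equals the input byte for byte. */
static int stored_verbatim(void (*store)(struct demo_arg *, const char *),
                           const char *username)
{
    struct demo_arg arg;
    store(&arg, username);
    return strcmp(arg.value, username) == 0;
}

int main(void)
{
    /* Constructed input: "%%" takes no argument, so no stack data is read. */
    const char *username = "guest%%admin";
    printf("unsafe stores input verbatim: %d\n", stored_verbatim(store_unsafe, username));
    printf("safe stores input verbatim:   %d\n", stored_verbatim(store_safe, username));
    return 0;
}
```

Building with `-DCHECK_FORMAT -Wformat-security` applies the `format(printf, ...)` attribute, so GCC and Clang flag the call in `store_unsafe` at compile time.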