Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

DDIVRT-2008-18 Orb Denial of Service

From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Thu, 4 Dec 2008 09:03:00 -0600
Title

-----

DDIVRT-2008-18 Orb Denial of Service

 

Severity

--------

Medium

 

Date Discovered

---------------

October 21st 2008

 

Discovered By

-------------

Digital Defense, Inc. Vulnerability Research Team

Credit: Steven James and r@b13$

 

Vulnerability Description

-------------------------

Orb Networks' Orb media server is vulnerable to a denial of service
condition. Sending malformed http requests may crash the service denying
service to legitimate users.

 

Solution Description

--------------------

Use firewall rules to restrict access to authorized users of the Orb
server.

This issue has been fixed in version 2.01.0025, which is available on
Orb's website.

 

Tested Systems / Software (with versions)

------------------------------------------

Orb version 2.01.0017 on Windows XP Pro SP2

Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on
Windows XP Pro SP2

Orb version 2.01.0020 on Windows XP Pro SP2

 

Vendor Contact

--------------

Orb Networks

http://www.orb.com

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: