Re: [UPH-07-01] Firefly Media Server DoS

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [UPH-07-01] Firefly Media Server DoS
From: nnp <version5@xxxxxxxxx>
Date: Fri, 2 Nov 2007 11:04:56 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=HtppRLsI3UohMak5LDHrLYAe77PGOZzzNSID5P3dAnY=; b=RMvYYb4wtzvbVnS2vMwIIAZaIybHZ8stctRVFYqPnNz2NjyyroHrPSdvVU+B9rTIfLnsVJz6+0hwLvgcg3yBYxBnDlALXF5PniYRRefciNozxg1CVSRtMYpaBQhDqKr1+cryg91rcZdiq1MbPxpGquMNTJsDDoBbpBH3xE8EQEo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fhqtsx2WP0RD7zBg5589KFMx4iyIum4mY9zrVXu175/+V7iJD0BOceWNszxJzrXihqCjEmC1E/OYDL1UZPUhFe37KjuHAbXOGDj4P4IUjYtge9jE40mcUEbLKJVZ06oqY5D7yLUkHIrGS+vEDK6RzD4f5ilthaIxM/Bx3iGx8Rs=
In-reply-to: <28749c0e0711021055o45be8fc6vd382d8dcce60daaf@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <28749c0e0711021055o45be8fc6vd382d8dcce60daaf@xxxxxxxxxxxxxx>

Yup, managed to mess up the formatting of that email somehow. Check
the attached .txt for the correct version of the advisory.

--nnp

On 11/2/07, nnp <version5@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [UPH-07-01]
> UnprotectedHex.com security advisory [07-01]
> Discovered by nnp
>
> Discovered : 1 August 2007
> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote DoS
>
> Affected product : mt-dappd/Firefly Media Server
> Version : threadno,first);
>     } else {
>         while(*last==' ')
>             last++;
>
> Proof of concept code : Yes
>
> - --
> http://www.smashthestack.org
> http://www.unprotectedhex.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: http://firegpg.tuxfamily.org
>
> iD8DBQFHK8XKbP10WPHfgnQRAsEaAKCaZBFsY7V3NO/Yzm1RBb5m5OzmjQCcD1RJ
> U1c389rtN0anvvhpRJxBSEA=
> =i5L8
> -----END PGP SIGNATURE-----
>
>


-- 
http://www.smashthestack.org
http://www.unprotectedhex.com

References:
- [UPH-07-01] Firefly Media Server DoS
  - From: nnp

Prev by Date: [UPH-07-02] Firefly Media Server DoS
Next by Date: Re: mac trojan in-the-wild
Previous by thread: [UPH-07-01] Firefly Media Server DoS
Next by thread: [ GLSA 200711-02 ] OpenSSH: Security bypass
Index(es):
- Date
- Thread