FreeBSD : mt-daapd -- denial of service vulnerability (a7080c30-91a2-11dc-b2eb-00b0d07e6c7e)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

US-CERT reports :

webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier
allows remote attackers to cause a denial of service (NULL dereference
and daemon crash) via a stats method action to /xml-rpc with (1) an
empty Authorization header line, which triggers a crash in the
ws_decodepassword function; or (2) a header line without a ':'
character, which triggers a crash in the ws_getheaders function.
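
Added example (not from the advisory or the Firefly source): C header parsing that rejects both malformed inputs described above with an error return instead of dereferencing a NULL pointer. The function names parse_header_line and basic_token and the sample header lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helpers, not Firefly's code. Split "Name: value" into caller
 * buffers; -1 when the line has no ':' (case 2) or a field does not fit. */
int parse_header_line(const char *line, char *name, size_t nlen,
                      char *value, size_t vlen)
{
    const char *colon = line ? strchr(line, ':') : NULL;
    if (!colon || colon == line)              /* no separator or empty name */
        return -1;
    size_t n = (size_t)(colon - line);
    const char *v = colon + 1;
    while (*v == ' ' || *v == '\t')           /* optional whitespace */
        v++;
    size_t len = strcspn(v, "\r\n");          /* drop trailing CRLF */
    if (n >= nlen || len >= vlen)             /* never overrun caller buffers */
        return -1;
    memcpy(name, line, n);
    name[n] = '\0';
    memcpy(value, v, len);
    value[len] = '\0';
    return 0;
}

/* Base64 token of a Basic Authorization value, or NULL when the value is
 * missing, empty (case 1), or not of the form "Basic <token>". */
const char *basic_token(const char *auth)
{
    if (!auth || strncasecmp(auth, "Basic ", 6) != 0)
        return NULL;
    const char *p = auth + 6;
    while (*p == ' ')
        p++;
    return *p ? p : NULL;
}

int main(void)
{
    /* Constructed sample header lines: valid, empty value, no colon. */
    const char *lines[] = { "Authorization: Basic YWRtaW46cHc=\r\n",
                            "Authorization:\r\n", "NoColonHere\r\n" };
    char name[64], value[256];
    for (size_t i = 0; i < 3; i++) {
        if (parse_header_line(lines[i], name, sizeof name, value, sizeof value))
            puts("400 malformed header");
        else if (!strcasecmp(name, "Authorization") && !basic_token(value))
            puts("401 missing or empty credentials");
        else puts("header accepted");
    }
    return 0;
}
```
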

See also :

http://www.nessus.org/u?6521587c

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 28195 (freebsd_pkg_a7080c3091a211dcb2eb00b0d07e6c7e.nasl)

Bugtraq ID:

CVE ID: CVE-2007-5824
