Fenice <= 1.10 Multiple Remote Vulnerabilities
Severity: High
Nessus Plugin ID: 21610

Synopsis
The remote RTSP server suffers from multiple overflow issues.

Description
The remote host is running Fenice, an open source media streaming server for Linux / Unix.
The version of Fenice installed on the remote host is affected by an integer overflow vulnerability involving requests with large values for the 'Content-Length' header and by a buffer overflow vulnerability in its 'parse_url' function. An unauthenticated, remote attacker can exploit either flaw using a simple GET request to crash the affected application and possibly to execute arbitrary code subject to the privileges of the user id under which Fenice runs.

Solution
Upgrade to Fenice version 1.11 or later.
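
Both flaw classes named in the description are closed by validating a length before it is used in an allocation or copy. The following C is an added example, not Fenice's code: the function names, the `MAX_BODY` cap and the caller-chosen buffer sizes are assumptions for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY 65536UL  /* assumed server-side cap on request body size */
/* Parse a Content-Length value: 0 on success, -1 if malformed or too large. */
int parse_content_length(const char *value, size_t *out)
{
    char *end; unsigned long n;
    while (*value == ' ' || *value == '\t') value++;
    if (!isdigit((unsigned char)*value)) return -1;  /* rejects "-1", "+5", "" */
    errno = 0;
    n = strtoul(value, &end, 10);
    if (errno == ERANGE) return -1;                  /* wider than unsigned long */
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return -1;                     /* trailing garbage */
    if (n > MAX_BODY) return -1;                     /* checked before any n + 1 arithmetic */
    *out = (size_t)n;
    return 0;
}

/* Split "rtsp://host[:port]/path" into caller-supplied buffers, refusing
 * any component that does not fit instead of truncating or overflowing. */
int split_rtsp_url(const char *url, char *host, size_t hostsz,
                   char *path, size_t pathsz, unsigned *port)
{
    static const char scheme[] = "rtsp://";
    const char *h, *slash, *colon;
    size_t hlen, plen;
    if (strncmp(url, scheme, sizeof scheme - 1) != 0) return -1;
    h = url + sizeof scheme - 1;
    slash = strchr(h, '/');
    if (!slash) slash = h + strlen(h);               /* no path component */
    colon = memchr(h, ':', (size_t)(slash - h));
    hlen = (size_t)((colon ? colon : slash) - h);
    plen = strlen(slash);
    if (hlen == 0 || hlen >= hostsz || plen >= pathsz) return -1;
    *port = 554;                                     /* RTSP default port */
    if (colon) {
        char *end = NULL;
        unsigned long p = isdigit((unsigned char)colon[1]) ? strtoul(colon + 1, &end, 10) : 0;
        if (p == 0 || p > 65535 || end != slash) return -1;
        *port = (unsigned)p;
    }
    memcpy(host, h, hlen); host[hlen] = '\0';        /* lengths verified above */
    memcpy(path, slash, plen + 1);
    return 0;
}
```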