|
|
>> Gentoo Security Update Fixes Multi-Threaded DAAP Daemon Issues
|
Title : Gentoo Security Update Fixes Multi-Threaded DAAP Daemon Issues
VUPEN ID : VUPEN/ADV-2008-0001
CVE ID : CVE-2007-5824 - CVE-2007-5825
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-02
|
Multiple vulnerabilities have been identified in Gentoo, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. These issues are caused by errors in the "ws_addarg()", "ws_decodepassword()" and "ws_getheaders()" functions within mt-daapd (Multi-Threaded DAAP Daemon / Firefly Media Server) when handling specially crafted "Authorization:" headers, which could be exploited by attackers to crash a vulnerable application or compromise an affected system.
Affected Products
media-sound/mt-daapd versions prior to 0.2.4.1
Solution
Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose " >=media-sound/mt-daapd-0.2.4.1"
References
http://www.vupen.com/english/advisories/2008/0001
http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml
ChangeLog
2008-01-02 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
