FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a7080c30-91a2-11dc-b2eb-00b0d07e6c7e	mt-daapd -- denial of service vulnerability US-CERT reports: webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. Discovery 2007-11-05 Entry 2007-11-12 mt-daapd < 0.2.4.1 CVE-2007-5824
86a4d810-1884-11dd-a914-0016179b2dd5	mt-daapd -- integer overflow FrSIRT reports: A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the ws_getpostvars() function when processing a negative Content-Length: header value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code. Discovery 2008-04-21 Entry 2008-05-02 mt-daapd < 0.2.4.2 CVE-2008-1771 http://secunia.com/advisories/29917 http://www.frsirt.com/english/advisories/2008/1303

VuXML ID

Description

a7080c30-91a2-11dc-b2eb-00b0d07e6c7e

mt-daapd -- denial of service vulnerability

US-CERT reports:

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.

Discovery 2007-11-05
Entry 2007-11-12
mt-daapd

< 0.2.4.1

CVE-2007-5824

86a4d810-1884-11dd-a914-0016179b2dd5

mt-daapd -- integer overflow

FrSIRT reports:

A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the ws_getpostvars() function when processing a negative Content-Length: header value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code.

Discovery 2008-04-21
Entry 2008-05-02
mt-daapd

< 0.2.4.2

CVE-2008-1771
http://secunia.com/advisories/29917
http://www.frsirt.com/english/advisories/2008/1303