PT-2008-3309 · Roni Music · Firefly Media Server

Published

2008-04-16

Updated

2017-08-08

CVE-2008-1771

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefly Media Server versions 0.2.4.1

Description The issue is caused by an integer overflow in the ws getpostvars function, allowing remote attackers to potentially execute arbitrary code or cause a denial of service via an HTTP POST request with a large Content-Length.

Recommendations For Firefly Media Server version 0.2.4.1, consider restricting access to the ws getpostvars function until a patch is available. As a temporary workaround, limit the size of HTTP POST requests to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-1771

DSA-1597-1

Affected Products

Firefly Media Server

PT-2008-3309 · Roni Music · Firefly Media Server

CVE-2008-1771

Weakness Enumeration

Related Identifiers

Affected Products

References · 12