Security: mt-daapd DAAP audio server

April 13, 2008in Debian Linux, GNU/Open source, Linux, Security Alert last updated April 13, 2008

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems:

Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code.

Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code.

An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.

How do I patch my system?

Simply type the following command:
# apt-get update # apt-get upgrade

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Tagged as: arbitrary code execution, authentication, buffer overflow, CVE-2007-5824, CVE-2007-5825, CVE-2008-1771, heap, integer overflow, vulnerabilities

How do I patch my system?

Posted by: Vivek Gite

Share this on (or read 0 comments/add one below):