
Bug 200110

Summary: media-sound/mt-daapd < 0.2.4.1 Two DoS and Format string vulnerability (CVE-2007-{5824,5825})
Product: Gentoo Security
Reporter: Samuli Suominen (RETIRED) <ssuominen>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: sound
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 183776

Description Samuli Suominen (RETIRED) gentoo-dev 2007-11-23 19:26:24 UTC
Important for getting rid of howl, this adds native avahi support.

amd64 stable
Comment 1 Dawid Węgliński (RETIRED) gentoo-dev 2007-11-24 12:12:42 UTC
x86 stable
Comment 2 Brent Baude (RETIRED) gentoo-dev 2007-11-25 16:17:25 UTC
ppc stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2007-11-29 18:02:47 UTC
sparc stable
Comment 4 Samuli Suominen (RETIRED) gentoo-dev 2007-12-10 17:32:10 UTC
vapier, any chance of doing this.. ? it's blocking phasing out of howl, unfortunately otherwise it's getting lastrited and keywords are lost.
Comment 5 Alexandre Rostovtsev (RETIRED) gentoo-dev 2007-12-15 12:16:50 UTC
Versions of mt-daapd prior to 0.2.4.1 are vulnerable.
See CVE-2007-5824 (dos) and CVE-2007-5825 (remote code execution)

Therefore, mt-daapd-0.2.4 must be patched or removed from the tree.
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2007-12-15 13:48:48 UTC
(In reply to comment #5)
> Versions of mt-daapd prior to 0.2.4.1 are vulnerable.
> See CVE-2007-5824 (dos) and CVE-2007-5825 (remote code execution)
> 
> Therefore, mt-daapd-0.2.4 must be patched or removed from the tree.
> 

Security, was there something needed to be done? Only arm and sh left here.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2007-12-18 21:04:32 UTC
Thanks for letting us know.

CVE-2007-5824:
    webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier
    allows remote attackers to cause a denial of service (NULL dereference
    and daemon crash) via a stats method action to /xml-rpc with (1) an
    empty Authorization header line, which triggers a crash in the
    ws_decodepassword function; or (2) a header line without a ':'
    character, which triggers a crash in the ws_getheaders function.
CVE-2007-5825:
    Format string vulnerability in the ws_addarg function in webserver.c
    in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote
    attackers to execute arbitrary code via a stats method action to
    /xml-rpc with format string specifiers in the (1) username or (2)
    password portion of base64-encoded data on the "Authorization: Basic"
    HTTP header line.
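The three defects named in the CVE text above (a header line with no ':' separator, an empty Authorization value, and user-controlled data reaching a printf-style format argument) as an added defensive example. This is not mt-daapd or Firefly Media Server code; parse_header_line, add_arg_safe and the HDR_* result codes are hypothetical names standing in for the ws_getheaders, ws_decodepassword and ws_addarg paths, and the sample header lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from mt-daapd/Firefly Media Server.
 * parse_header_line, add_arg_safe and HDR_* are hypothetical names. */

enum hdr_result {
    HDR_OK = 0,          /* name and value parsed */
    HDR_NO_COLON = 1,    /* line carries no ':' separator */
    HDR_EMPTY_VALUE = 2  /* separator present but no value behind it */
};

/* Split one "Name: value" header line. A line without ':' (or with an
 * empty name) is reported instead of dereferencing the NULL that
 * strchr() returns, and an empty value is reported instead of being
 * handed to a credential decoder that assumes at least one byte. */
enum hdr_result parse_header_line(const char *line,
                                  char *name, size_t name_len,
                                  char *value, size_t value_len)
{
    const char *colon = strchr(line, ':');
    const char *v;
    size_t n;

    if (colon == NULL)
        return HDR_NO_COLON;
    n = (size_t)(colon - line);
    if (n == 0 || n >= name_len)
        return HDR_NO_COLON;
    memcpy(name, line, n);
    name[n] = '\0';

    v = colon + 1;
    while (*v == ' ' || *v == '\t')
        v++;
    if (*v == '\0')
        return HDR_EMPTY_VALUE;
    snprintf(value, value_len, "%s", v);   /* fixed format, data via %s */
    return HDR_OK;
}

/* Store key=value. The unsafe shape behind a format string bug is a call
 * like snprintf(out, out_len, val) with attacker-supplied val; here the
 * value is only ever a %s argument, so specifiers inside a decoded
 * username or password are copied literally and never interpreted. */
int add_arg_safe(char *out, size_t out_len, const char *key, const char *val)
{
    int n = snprintf(out, out_len, "%s=%s", key, val);
    return (n >= 0 && (size_t)n < out_len) ? 0 : -1;  /* -1: truncated */
}

int main(void)
{
    /* Constructed sample header lines: one valid, one per CVE-2007-5824 case. */
    const char *lines[] = {
        "Authorization: Basic dXNlcjpwYXNz",
        "Authorization:",
        "this line has no separator",
    };
    char name[64], value[256], out[64];
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        enum hdr_result r = parse_header_line(lines[i], name, sizeof name,
                                              value, sizeof value);
        printf("%-36s -> result %d\n", lines[i], (int)r);
    }
    /* Format specifiers in a (decoded) username stay inert. */
    add_arg_safe(out, sizeof out, "user", "%x%x%n");
    printf("%s\n", out);
    return 0;
}
```

The parser returns a code instead of crashing on malformed input, which is the check a server loop can act on (drop the request, log it) rather than letting a NULL pointer or an empty credential reach the decoder.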
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2007-12-18 21:06:45 UTC
GLSA request filed.

This slipped through our grid because the vulnerabilities were announced in "FireFly Media Server". Sound, could you please edit the ebuilds to contain the new name in the ebuild description, so it can be found more easily. Thank you!
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2007-12-29 13:58:22 UTC
GLSA 200712-18, thanks everyone.