FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mt-daapd -- integer overflow

Affected packages
mt-daapd < 0.2.4.2

Details

VuXML ID 86a4d810-1884-11dd-a914-0016179b2dd5
Discovery 2008-04-21
Entry 2008-05-02

FrSIRT reports:

A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the ws_getpostvars() function when processing a negative Content-Length: header value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code.

References

CVE Name CVE-2008-1771
URL http://secunia.com/advisories/29917
URL http://www.frsirt.com/english/advisories/2008/1303