FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  365571
Date:      2014-08-21
Time:      17:13:16Z
Committer: lwhsu

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a7080c30-91a2-11dc-b2eb-00b0d07e6c7emt-daapd -- denial of service vulnerability

US-CERT reports:

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.


Discovery 2007-11-05
Entry 2007-11-12
mt-daapd
lt 0.2.4.1

CVE-2007-5824
86a4d810-1884-11dd-a914-0016179b2dd5mt-daapd -- integer overflow

FrSIRT reports:

A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the ws_getpostvars() function when processing a negative Content-Length: header value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code.


Discovery 2008-04-21
Entry 2008-05-02
mt-daapd
lt 0.2.4.2

CVE-2008-1771
http://secunia.com/advisories/29917
http://www.frsirt.com/english/advisories/2008/1303
a7080c30-91a2-11dc-b2eb-00b0d07e6c7emt-daapd -- denial of service vulnerability

US-CERT reports:

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.


Discovery 2007-11-05
Entry 2007-11-12
mt-daapd
lt 0.2.4.1

CVE-2007-5824
86a4d810-1884-11dd-a914-0016179b2dd5mt-daapd -- integer overflow

FrSIRT reports:

A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the ws_getpostvars() function when processing a negative Content-Length: header value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code.


Discovery 2008-04-21
Entry 2008-05-02
mt-daapd
lt 0.2.4.2

CVE-2008-1771
http://secunia.com/advisories/29917
http://www.frsirt.com/english/advisories/2008/1303