From owner-freebsd-ports-bugs@FreeBSD.ORG Thu May 1 06:20:01 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 757F11065672 for ; Thu, 1 May 2008 06:20:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 510D78FC1C for ; Thu, 1 May 2008 06:20:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m416K1qO068813 for ; Thu, 1 May 2008 06:20:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m416K1ei068812; Thu, 1 May 2008 06:20:01 GMT (envelope-from gnats) Resent-Date: Thu, 1 May 2008 06:20:01 GMT Resent-Message-Id: <200805010620.m416K1ei068812@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Mark D. Foster" Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 10A5E1065671 for ; Thu, 1 May 2008 06:11:06 +0000 (UTC) (envelope-from mark@foster.cc) Received: from QMTA06.westchester.pa.mail.comcast.net (qmta06.westchester.pa.mail.comcast.net [76.96.62.56]) by mx1.freebsd.org (Postfix) with ESMTP id B00738FC19 for ; Thu, 1 May 2008 06:11:05 +0000 (UTC) (envelope-from mark@foster.cc) Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60]) by QMTA06.westchester.pa.mail.comcast.net with comcast id L5HM1Z00V1HzFnQ5607s00; Thu, 01 May 2008 06:10:49 +0000 Received: from [192.168.1.9] ([24.17.96.78]) by OMTA14.westchester.pa.mail.comcast.net with comcast id L6B21Z0031hTbBL3a00000; Thu, 01 May 2008 06:11:04 +0000 Message-Id: <48195E9D.8040103@foster.cc> Date: Wed, 30 Apr 2008 23:09:33 -0700 From: "Mark D. Foster" To: FreeBSD-gnats-submit@FreeBSD.org Cc: Subject: ports/123285: vuxml update: vulnerability in mt-daapd < 0.2.4.2 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 May 2008 06:20:01 -0000 >Number: 123285 >Category: ports >Synopsis: vuxml update: vulnerability in mt-daapd < 0.2.4.2 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu May 01 06:20:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Mark Foster >Release: FreeBSD 5.5-RELEASE-p18 i386 >Organization: >Environment: System: FreeBSD franco.foster.dmz 5.5-RELEASE-p18 FreeBSD 5.5-RELEASE-p18 #25: Tue Jan 15 08:43:22 PST 2008 root@franco.foster.dmz:/usr/obj/usr/src/sys/FRANCO1 i386 >Description: Add information about CVS-2008-1771 and update earlier entry for mt-daapd to add addl. references. >How-To-Repeat: >Fix: --- vuln.xml.patch1 begins here --- --- vuln.xml.old Wed Apr 30 22:28:10 2008 +++ vuln.xml Wed Apr 30 22:35:16 2008 @@ -34,6 +34,33 @@ --> + + mt-daapd -- Integer overflow + + + + 0.2.4.2 + + + + +

FrSIRT reports:

+
+

A vulnerability has been identified in mt-daapd (Multi-Threaded DAAP Daemon), which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the "ws_getpostvars()" [src/webserver.c] function when processing a negative "Content-Length:" header value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code.

+
+ +
+ + CVE-2008-1771 + http://secunia.com/advisories/29917 + http://www.frsirt.com/english/advisories/2008/1303 + + + 2008-04-21 + 2008-04-30 + +
+ mozilla -- multiple vulnerabilities @@ -2167,10 +2194,12 @@ CVE-2007-5824 + CVE-2007-5825 2007-11-05 2007-11-12 + 2008-04-30 --- vuln.xml.patch1 ends here --- -- Said one park ranger, 'There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists.' Mark D. Foster, CISSP http://mark.foster.cc/ >Release-Note: >Audit-Trail: >Unformatted: