Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
BID:17678
Info
| Bugtraq ID: | 17678 |
| Class: | Unknown |
| CVE: | CVE-2006-2022 CVE-2006-2023 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2006 12:00AM |
| Updated: | Apr 30 2007 10:00PM |
| Credit: | Luigi Auriemma discovered these vulnerabilities. |
| Vulnerable: | (LS)3 Fenice 1.10 |
| Not Vulnerable: | (LS)3 Fenice 1.11 |
Discussion
Fenice is prone to multiple remote vulnerabilities:
- A buffer-overflow vulnerability. The application fails to perform sufficient bounds checking of user-supplied data before copying it to an insufficiently sized memory buffer. This issue potentially allows remote attackers to execute arbitrary machine code in the context of the affected server process. Failed exploit attempts will likely crash the application, denying service to legitimate users.
- A denial-of-service vulnerability due to an integer-overflow flaw. This issue allows remote attackers to crash the affected application, denying service to legitimate users.
Fenice 1.10 is vulnerable to these issues; other versions may also be affected.
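The two checks whose absence the discussion above describes, a length check before copying the request target and a range check on Content-Length before it is used as a size, written as an added example (this is not Fenice's code and is not taken from the 1.11 fix). The function names, `URI_MAX` and `BODY_MAX` are assumptions chosen for illustration; the inputs in `main` are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define URI_MAX  255u        /* assumed buffer capacity, not Fenice's real size */
#define BODY_MAX (1u << 20)  /* assumed policy cap on request bodies: 1 MiB */

/* Copy the target out of "METHOD SP target SP version" into dst.
 * Returns 0 on success, -1 if the line is malformed or the target does not fit. */
int copy_request_target(const char *line, char *dst, size_t dst_size)
{
    const char *start = strchr(line, ' ');
    if (!start) return -1;
    const char *end = strchr(++start, ' ');
    if (!end) return -1;
    size_t len = (size_t)(end - start);
    if (len == 0 || len >= dst_size) return -1;  /* check length before the copy */
    memcpy(dst, start, len);
    dst[len] = '\0';
    return 0;
}

/* Parse a Content-Length value (caller has stripped CRLF and padding).
 * Returns 0 and stores the value in *out, or -1 if it is rejected. */
int parse_content_length(const char *value, uint32_t *out)
{
    if (*value < '0' || *value > '9') return -1;  /* no sign, blank or empty */
    errno = 0;
    char *end;
    unsigned long long n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0') return -1;
    if (n > BODY_MAX) return -1;  /* compared in 64 bits, before narrowing or n + 1 */
    *out = (uint32_t)n;
    return 0;
}

int main(void)
{
    char line[400] = "GET /", uri[URI_MAX + 1];
    uint32_t n = 0;
    memset(line + 5, 'a', 320);  /* constructed over-long target */
    strcpy(line + 325, " HTTP/1.0");
    printf("long target: %d\n", copy_request_target(line, uri, sizeof uri));
    printf("CL 4294967295: %d\n", parse_content_length("4294967295", &n));
    printf("CL 1024: %d\n", parse_content_length("1024", &n));
    return 0;
}
```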
Exploit / POC
The following HTTP request is sufficient to demonstrate the buffer-overflow vulnerability:
GET /[approximately 320 'a's] HTTP/1.0
The following HTTP request is sufficient to demonstrate the denial-of-service vulnerability:
GET / HTTP/1.0
Content-Length: 4294967295
The following exploit code is available:
Solution / Fix
Solution:
The vendor has released version 1.11 to address this issue.
(LS)3 Fenice 1.10
- (LS)3 fenice-1.11.tar.gz: http://streaming.polito.it/files/fenice-1.11.tar.gz
References
References:
- Fenice - Open Media Streaming Server ((LS)3)
- Buffer-overflow and crash in Fenice OMS 1.10 (Luigi Auriemma)