CVE-2007-5825 - Vulnerability Details - OpenCVE

Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Firefly	Media Server

Configuration 1 [-]

cpe:2.3:a:firefly:media_server:0.2.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=200110
http://secunia.com/advisories/28269
http://secunia.com/advisories/30661
http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679
http://www.debian.org/security/2008/dsa-1597
http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml
http://www.securityfocus.com/archive/1/483209/100/0/threaded
http://www.securityfocus.com/archive/1/483214/100/0/threaded
http://www.securityfocus.com/bid/26310
https://exchange.xforce.ibmcloud.com/vulnerabilities/38243

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-05T19:00:00

Updated: 2024-08-07T15:47:00.654Z

Reserved: 2007-11-05T00:00:00

Link: CVE-2007-5825

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-11-05T19:46:00.000

Modified: 2024-11-21T00:38:46.927

Link: CVE-2007-5825

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the \"Authorization: Basic\" HTTP header line."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1597", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1597"}, {"name": "26310", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26310"}, {"name": "20071102 [UPH-07-03] Firefly Media Server remote format string vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483209/100/0/threaded"}, {"name": "20071102 Re: [UPH-07-03] Firefly Media Server remote format string vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483214/100/0/threaded"}, {"name": "28269", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28269"}, {"name": "firefly-addarg-format-string(38243)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38243"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=200110"}, {"name": "30661", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30661"}, {"name": "GLSA-200712-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5825", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the \"Authorization: Basic\" HTTP header line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1597", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1597"}, {"name": "26310", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26310"}, {"name": "20071102 [UPH-07-03] Firefly Media Server remote format string vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483209/100/0/threaded"}, {"name": "20071102 Re: [UPH-07-03] Firefly Media Server remote format string vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483214/100/0/threaded"}, {"name": "28269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28269"}, {"name": "firefly-addarg-format-string(38243)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38243"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=200110", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=200110"}, {"name": "30661", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30661"}, {"name": "GLSA-200712-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:47:00.654Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1597", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1597"}, {"name": "26310", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26310"}, {"name": "20071102 [UPH-07-03] Firefly Media Server remote format string vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/483209/100/0/threaded"}, {"name": "20071102 Re: [UPH-07-03] Firefly Media Server remote format string vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/483214/100/0/threaded"}, {"name": "28269", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28269"}, {"name": "firefly-addarg-format-string(38243)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38243"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=200110"}, {"name": "30661", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30661"}, {"name": "GLSA-200712-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5825", "datePublished": "2007-11-05T19:00:00", "dateReserved": "2007-11-05T00:00:00", "dateUpdated": "2024-08-07T15:47:00.654Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firefly:media_server:0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9CF79C52-2830-4F6A-9187-0813FE9CFF00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the \"Authorization: Basic\" HTTP header line."}, {"lang": "es", "value": "Vulnerabilidad de formato de cadena en la funci\u00f3n ws_addarg en webserver.c en mt-dappd en Firefly Media Server 0.2.4 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una acci\u00f3n de m\u00e9todo estad\u00edstico en /xml-rpc con especificaciones de formato de cadena en porciones de (1) username o (2) password de datos codificados en base64 sobre la l\u00ednea de cabecera HTTP \"Authorization: Basic\"."}], "id": "CVE-2007-5825", "lastModified": "2024-11-21T00:38:46.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-05T19:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=200110"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28269"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30661"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1597"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483209/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483214/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26310"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=200110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=98211&release_id=548679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-18.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483209/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483214/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38243"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}