Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6629

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-6629
Last Modified 07 Mar 2011 10:03:19
Published 03 Jan 2008 07:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6629

Summary

Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line.

Vulnerable Systems

Application

  • Feng 0.1.15


References

VUPEN - ADV-2008-0011

BID - 27049

BUGTRAQ - 20071227 Multiple vulnerabilities in Feng 0.1.15

OSVDB - 40537

MISC - http://aluigi.org/poc/fengulo.zip

MISC - http://aluigi.altervista.org/adv/fengulo-adv.txt

SREASON - 3507

SECUNIA - 28229


Last Updated: 27 May 2016 10:46:35