lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200812041451.mB4EpFwA007814@www3.securityfocus.com>
Date: Thu, 4 Dec 2008 07:51:15 -0700
From: DDI.VulnerabilityAlert@...frontline.com
To: bugtraq@...urityfocus.com
Subject: DDIVRT-2008-18 Orb Denial of Service

Title
-----
DDIVRT-2008-18 Orb Denial of Service

Severity
--------
Medium

Date Discovered
---------------
October 21st 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@...$

Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed http requests may crash the service denying service to legitimate users.

Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb server.
This issue has been fixed in version 2.01.0025, which is available on Orb's website.

Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2
Orb version 2.01.0020 on Windows XP Pro SP2

Vendor Contact
--------------
Orb Networks
http://www.orb.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ