| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2571D31D42513640AE1632FEE100E0E402DD744F@hypercom.defense.local>
Date: Thu, 4 Dec 2008 09:03:00 -0600
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert@...frontline.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DDIVRT-2008-18 Orb Denial of Service
Title
-----
DDIVRT-2008-18 Orb Denial of Service
Severity
--------
Medium
Date Discovered
---------------
October 21st 2008
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@...$
Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to a denial of service
condition. Sending malformed http requests may crash the service denying
service to legitimate users.
Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb
server.
This issue has been fixed in version 2.01.0025, which is available on
Orb's website.
Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on
Windows XP Pro SP2
Orb version 2.01.0020 on Windows XP Pro SP2
Vendor Contact
--------------
Orb Networks
http://www.orb.com
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists