[UPH-07-03] Firefly Media Server remote format string vulnerability Nov 02 2007 06:00PM
nnp (version5 gmail com) (1 replies)
Re: [UPH-07-03] Firefly Media Server remote format string vulnerability Nov 02 2007 06:03PM
nnp (version5 gmail com)
Hrm, it appears something got messed up in the body of that email.
Check the attached .txt for the correct version of the advisory.

--nnp

On 11/2/07, nnp <version5 (at) gmail (dot) com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [UPH-07-02]
> UnprotectedHex.com security advisory [07-02]
> Discovered by nnp
>
> Discovered : 1 August 2007
> Reported to the vendor : 13 October 2007
> Fixed by vendor : 21 October 2007
>
> Vulnerability class : Remote format string
>
> Affected product : mt-dappd/Firefly Media Server
> Version : request_vars,"HTTP_USER",username);
> ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password);
>
>
> int ws_addarg(ARGLIST *root, char *key, char *fmt, ...) {
> ...
> va_start(ap,fmt);
> vsnprintf(value,sizeof(value),fmt,ap);
> va_end(ap);
>
>
> Proof of concept code : Yes
>
>
> - --
> http://www.smashthestack.org
> http://www.unprotectedhex.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: http://firegpg.tuxfamily.org
>
> iD8DBQFHK8b8bP10WPHfgnQRAoYPAKCfzLo5QPxDKBbOI8Hl+hTnKS5OWACgoOmq
> CM98n8wCZ3AVdi2/vVPhnzk=
> =lrAq
> -----END PGP SIGNATURE-----
>
>

--
http://www.smashthestack.org
http://www.unprotectedhex.com
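
The quoted advisory shows ws_addarg() handing its third parameter to vsnprintf() as the format string, while the callers put the HTTP username and password in that position. The following is an added example, not part of the original post and not Firefly's code: addarg(), struct arg_slot, the two store_* helpers and the CHECK_FORMAT macro are hypothetical stand-ins, and the sample input is constructed. It puts the call pattern from the advisory next to the corrected one.

```c
/* Added example: simplified stand-in for the advisory's ws_addarg(). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical one-entry store standing in for the ARGLIST in the advisory. */
struct arg_slot { char key[64]; char value[256]; };

/* Build with -DCHECK_FORMAT -Wformat-security and GCC/Clang will flag the
 * call in store_as_format(): format not a string literal, no arguments. */
#if defined(__GNUC__) && defined(CHECK_FORMAT)
__attribute__((format(printf, 3, 4)))
#endif
static int addarg(struct arg_slot *slot, const char *key, const char *fmt, ...)
{
    va_list ap;
    snprintf(slot->key, sizeof(slot->key), "%s", key);
    va_start(ap, fmt);
    vsnprintf(slot->value, sizeof(slot->value), fmt, ap);
    va_end(ap);
    return 0;
}

/* Pattern from the advisory: request data is passed as the format string. */
static const char *store_as_format(struct arg_slot *slot, const char *username)
{
    addarg(slot, "HTTP_USER", username);
    return slot->value;
}

/* Corrected pattern: constant format, request data only as an argument. */
static const char *store_as_data(struct arg_slot *slot, const char *username)
{
    addarg(slot, "HTTP_USER", "%s", username);
    return slot->value;
}

int main(void)
{
    struct arg_slot slot;
    const char *input = "guest%%"; /* constructed sample; "%%" takes no argument */
    memset(&slot, 0, sizeof(slot));
    printf("as format: %s\n", store_as_format(&slot, input)); /* directive interpreted */
    printf("as data:   %s\n", store_as_data(&slot, input));   /* stored verbatim */
    return 0;
}
```

The stored value differs between the two helpers only because the first lets the input be parsed for conversion directives; the second never does.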
