Signature Detail
Short Name |
HTTP:VLCFS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
VLC HTTPD Connection Header Format String |
Release Date |
2009/04/28 |
Update Number |
1419 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: VLC HTTPD Connection Header Format String
This signature detects attempts to exploit a known vulnerability against VLC HTTP Daemon. A successful attack allows an attacker to execute arbitrary commands with the privileges of the VLC application.
Extended Description
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue. Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. VLC 0.8.6d is vulnerable to these issues; other versions may also be affected.
Affected Products
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Gentoo Linux
- VideoLAN VLC media player 0.8.6
- VideoLAN VLC media player 0.8.6A
- VideoLAN VLC media player 0.8.6B
- VideoLAN VLC media player 0.8.6C
- VideoLAN VLC media player 0.8.6D
References
- BugTraq: 27015
- CVE: CVE-2007-6682
- URL: http://milw0rm.com/exploits/5519