![TVMOBiLi Media server](http://www.tvmobili.com/images/logo_new.gif)
High-Tech Bridge Security Research Lab has discovered 2 remote DoS vulnerabilities in TVMOBiLi Media server, which could be exploited to crash the remote server with malicious HTTP requests.
Due to improper handling of length parameter inconsistency [CWE-130], TVMOBiLi was vulnerable to DoS attacks.
Brief description of vulnerabilities:
The vulnerabilities exist due to improper handling of URI length within the "HttpUtils.dll" dynamic-link library. A remote attacker can send a specially crafted HTTP GET request 161, 257 or 255 characters long, or 255, 257 or 260 characters long, to port 30888/TCP (the default TVMOBiLi server port) and cause a stack-based buffer overrun that will crash the tvMobiliService service.
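The kind of length check that prevents this class of overrun, as an added example (not code from TVMOBiLi or from the advisory): the URI length is measured from the received request line and compared with the destination buffer size before anything is copied. The function names, the 256-byte buffer size and the sample request lines are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define URI_CAP 256  /* assumed destination size; the real HttpUtils.dll buffer size is not published */

enum uri_status { URI_OK = 0, URI_BAD_REQUEST = 400, URI_TOO_LONG = 414 };

/* Copy the request target out of "METHOD SP target SP version".
 * line/len is the raw request line as received; it is not NUL-terminated. */
enum uri_status extract_uri(const char *line, size_t len, char *out, size_t cap)
{
    if (!line || !out || cap == 0)
        return URI_BAD_REQUEST;
    const char *sp1 = memchr(line, ' ', len);          /* end of the method token */
    if (!sp1 || sp1 == line)
        return URI_BAD_REQUEST;
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', len - (size_t)(uri - line));
    if (!sp2 || sp2 == uri)                            /* no target, or an empty one */
        return URI_BAD_REQUEST;
    size_t uri_len = (size_t)(sp2 - uri);
    if (uri_len >= cap)        /* measured length must fit, terminator included */
        return URI_TOO_LONG;   /* answer 414 instead of truncating or overrunning */
    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return URI_OK;
}

/* Constructed input: a GET line whose target is '/' followed by n-1 filler bytes. */
enum uri_status try_uri_length(size_t n)
{
    char line[512], out[URI_CAP];
    if (n == 0 || n > 400)
        return URI_BAD_REQUEST;
    memcpy(line, "GET /", 5);
    memset(line + 5, 'a', n - 1);
    memcpy(line + 4 + n, " HTTP/1.1", 9);
    return extract_uri(line, 4 + n + 9, out, sizeof out);
}

int main(void)
{
    const size_t lens[] = { 161, 255, 256, 257, 260 };  /* lengths around the assumed capacity */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("URI length %zu -> %d\n", lens[i], (int)try_uri_length(lens[i]));
    return 0;
}
```
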
TVMOBiLi is a free Media server for Mac, Windows, and Linux OS that enables your computer to communicate with a myriad of modern devices in your home using the power of UPnP.
Solution:
The vulnerabilities are now fixed in TVMOBiLi 2.1.0.3974.