Bug#522170: vlc: CVE-2009-1045 denial of service if web user interface is used

Nico Golde nion at debian.org
Wed Apr 1 23:26:59 UTC 2009


Hi,
* Christophe Mutricy <xtophe at chewa.net> [2009-04-02 00:36]:
> On Wed 01 Apr 09 at 13:17 +0200, Nico Golde wrote:
> > CVE-2009-1045[0]:
> > | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
> > | denial of service (stack consumption and crash) via a long input
> > | argument in an in_play action.
> 
> This is not a security issue. Because if you have access to the HTML
> interface and want to DoS vlc, you'd be quicker to click on the "Close"
> button.
> 
> Anyway, it's fixed in 0.9.9, which I am packaging atm.

Isn't this interface available if vlc is used to stream and
serves as an HTTP server?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.