Login Sign Up

CVE-2019-9215

9.8 CRITICAL
Remote Code Execution Denial of Service

📋 TL;DR

CVE-2019-9215 is a critical memory corruption vulnerability in Live555 media streaming server where malformed authorization headers cause invalid memory access in parseAuthorizationHeader function. This allows remote attackers to potentially execute arbitrary code or cause denial of service. Affects systems running vulnerable versions of Live555 media server.

💻 Affected Systems

Products:
  • Live555 Media Server
  • Applications using Live555 library
Versions: All versions before 2019.02.27
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any service using Live555 for media streaming is vulnerable if using affected versions

📦 What is this software?

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Backports Sle by Opensuse

View all CVEs affecting Backports Sle →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Leap by Opensuse

View all CVEs affecting Leap →

Leap by Opensuse

View all CVEs affecting Leap →

Leap by Opensuse

View all CVEs affecting Leap →

Streaming Media by Live555

View all CVEs affecting Streaming Media →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Denial of service causing media streaming interruption and potential system crashes

🟢

If Mitigated

Limited impact with proper network segmentation and exploit prevention controls

🌐 Internet-Facing: HIGH - Directly exploitable over network without authentication
🏢 Internal Only: MEDIUM - Still exploitable but requires internal network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed authorization headers to vulnerable endpoints

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2019.02.27 and later

Vendor Advisory: http://www.live555.com/liveMedia/public/changelog.txt

Restart Required: Yes

Instructions:

1. Download latest Live555 from official website 2. Compile and install new version 3. Restart all services using Live555 4. Verify version is 2019.02.27 or newer

🔧 Temporary Workarounds

Network Filtering

linux

Block malformed authorization headers at network perimeter

iptables -A INPUT -p tcp --dport [LIVE555_PORT] -m string --string "Authorization:" --algo bm -j DROP

Service Isolation

linux

Run Live555 in isolated container with limited privileges

docker run --security-opt=no-new-privileges --cap-drop=ALL -d [LIVE555_IMAGE]

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Live555 servers
  • Deploy WAF rules to block malformed authorization headers

🔍 How to Verify

Check if Vulnerable:

Check Live555 version: grep 'LIVE555_VERSION' in source or running binary

Check Version:

strings /path/to/live555MediaServer | grep LIVE555_VERSION

Verify Fix Applied:

Confirm version is 2019.02.27 or newer and test with malformed authorization headers

📡 Detection & Monitoring

Log Indicators:

  • Authorization header parsing errors
  • Segmentation faults in Live555 logs
  • Unusual authorization attempts

Network Indicators:

  • Malformed HTTP headers to media streaming ports
  • Unusual traffic patterns to Live555 services

SIEM Query:

source="live555.log" AND ("segmentation fault" OR "invalid memory" OR "authorization parse")

📊 Metadata

CVE ID: CVE-2019-9215
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: February 28, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON