First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 96199
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Derick Eisenhardt <zephyrxero@gmail.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 96199 depends on: Show dependency tree
Bug 96199 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-06-15 11:07 0000 
The old version of Peercast was found to have a bug in it that allowed possible
execution of malicious code
(http://www.peercast.org/forum/viewtopic.php?p=11596). Version 0.1212 fixes this
flaw. The current version of Peercast in portage (including masked) is ver.0.1211

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Jakub Moc (RETIRED) 2005-06-15 11:15:56 0000 ------- 
http://www.gulftech.org/?node=research&article_id=00077-05282005

  Format String Vulnerability In Peercast
	
May 28, 2005
Vendor 	: peercast.org
URL 	: http://www.peercast.org/
Version 	: Peercast 0.1211 And Earlier
Risk 	: Format String Vulnerability


Description:
Peercast is a popular p2p streaming media server (similar to shoutcast). There
is a serious security issue in peercast versions 0.1211 and earlier that may
allow for an attacker to execute arbitrary code on the remote target with the
privileges of the user running peercast (usually administrator) or crash the
vulnerable server. There is an updated version of peercast available and all
users should upgrade as soon as possible.


Format String Vulnerability:
There is a very dangerous format string issue in peercast that may allow for an
attacker to execute arbitrary code on the remote target with the privileges of
the user running peercast or crash the vulnerable server. Below is an example of
how this vulnerability can be exploited to crash a vulnerable server.

http://localhost:7144/html/en/index.htm%n

The problem occurs because of the way some error messages are handled. For
example in the above example the peercast server receives a malformed request,
so the error routine printed the URL, but the error print routine (because it
was a printf type function call) then tries to parse the malicious url.


Solution:
Thanks to Giles from Peercast for fixing this issue fast and releasing a patch
in just a few hours. Now that is a quick turn around!
http://www.peercast.org/forum/viewtopic.php?p=11596

Credits:
James Bercegay of the GulfTech Security Research Team

------- Comment #2 From Thierry Carrez (RETIRED) 2005-06-15 12:02:25 0000 ------- 
sound: please bump

------- Comment #3 From Thierry Carrez (RETIRED) 2005-06-19 12:04:17 0000 ------- 
sound herd: please bump !

------- Comment #4 From Thierry Carrez (RETIRED) 2005-06-19 12:08:56 0000 ------- 
Oops, sorry, it /was/ bumped :) Ready for GLSA

------- Comment #5 From Thierry Carrez (RETIRED) 2005-06-19 12:36:30 0000 ------- 
GLSA 200506-15
First Last Prev Next    No search results available      Search page      Enter new bug