Summary: | media-sound/shoutcast-server-bin: Remote code execution | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke Macken (RETIRED) <lewk> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | aarni.honka, chriswhite |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.securityfocus.com/archive/1/385350 | ||
Whiteboard: | B1 [glsa] lewk | ||
Package list: | Runtime testing required: | --- |
Description
Luke Macken (RETIRED)
2004-12-23 14:21:54 UTC
Chris White, please verify/advise.

*** Bug 75695 has been marked as a duplicate of this bug. ***

Ugh, I checked the forum and there's a link to the exact same exploit announcement. Seems nullsoft is taking the clueless route or something. I've package.mask'ed this accordingly.

Do we need a masking GLSA for this one?

I would say yes. If there is a remote exec exploit out there and upstream doesn't care, users should be warned against it.

A masking GLSA will be issued.

- - -
We're pleased to announce the immediate release of SHOUTcast DNAS 1.9.5. This release corrects a buffer overflow when parsing requests, which could cause the SHOUTcast process to crash and potentially allow remote access to the host it was running on. We STRONGLY URGE you to upgrade to 1.9.5 ASAP.
- - -

ChrisWhite, please bump/unmask.

Marked on my side. AMD64 needs marking though. Once that's done I'll unmask.

stable amd64... ready for GLSA

Changing to GLSA status. Chris, please unmask package.

GLSA 200501-04