TITLE:
SHOUTcast Filename Format String Vulnerability

SECUNIA ADVISORY ID:
SA13661

VERIFY ADVISORY:
http://secunia.com/advisories/13661/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
SHOUTcast 1.x
http://secunia.com/product/1223/

DESCRIPTION:
Tomasz Trojanowski and Damian Put have discovered a vulnerability in SHOUTcast, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a format string error in the URL handling within the processing of requested filenames. This can be exploited to execute arbitrary code by sending a specially crafted HTTP request containing format specifiers.

Example:
http://[victim]:8000/content/%n%n%n%n.mp3

The vulnerability has been confirmed in SHOUTcast DNAS/Linux version 1.9.4. Other versions may also be affected.

SOLUTION:
Restrict access or use another product.

PROVIDED AND/OR DISCOVERED BY:
Tomasz Trojanowski and Damian Put.
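For triage, requests of the kind shown in the advisory can be picked out of an HTTP access log by looking for printf-style directives in the requested path. The following is an added example, not part of the advisory or of SHOUTcast. It assumes a Common Log Format access log and a server that percent-decodes the path once; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# printf conversion: %[n$][flags][width][.precision][length]type
PRINTF_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGaAcspn]"
)
# Client address and request target from a Common Log Format entry (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def format_directives(target):
    """Return the printf directives left in the path after one percent-decode.

    unquote() leaves invalid escapes such as %n untouched, so they survive
    decoding while legitimate escapes such as %20 disappear.
    """
    path = unquote(target.split("?", 1)[0])
    return PRINTF_SPEC.findall(path)

def scan(lines):
    """Return (client, target, directives, writes_memory) per flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        found = format_directives(target)
        if found:
            # %n is the directive that stores to memory; flag it separately.
            writes = any(d.endswith("n") for d in found)
            hits.append((client, target, found, writes))
    return hits

# Constructed sample entries (documentation address ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /content/track01.mp3 HTTP/1.0" 200 4096',
    '192.0.2.11 - - [01/Jan/2005:10:00:05 +0000] "GET /content/my%20mix.mp3 HTTP/1.0" 200 4096',
    '198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /content/%n%n%n%n.mp3 HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2005:10:00:12 +0000] "GET /content/100%25done.mp3 HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, target, found, writes in scan(SAMPLE_LOG):
        print(client, target, found, "WRITE" if writes else "read-only")
```

The last sample line shows that a filename with a literal percent sign is also flagged, so hits without `%n` need a manual look before being treated as hostile.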
*** This bug has been marked as a duplicate of 75482 ***