75695 – SHOUTcast Filename Format String Vulnerability

Bug 75695 - SHOUTcast Filename Format String Vulnerability

Summary: SHOUTcast Filename Format String Vulnerability

Status:	RESOLVED DUPLICATE of bug 75482

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-26 05:55 UTC by Aarni Honka
Modified:	2005-07-17 13:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aarni Honka 2004-12-26 05:55:25 UTC

TITLE:
SHOUTcast Filename Format String Vulnerability

SECUNIA ADVISORY ID:
SA13661

VERIFY ADVISORY:
http://secunia.com/advisories/13661/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
SHOUTcast 1.x
http://secunia.com/product/1223/

DESCRIPTION:
Tomasz Trojanowski and Damian Put have discovered a vulnerability in
SHOUTcast, which potentially can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is cause due to a format string error in the URL
handling within the processing of requested filenames. This can be
exploited to execute arbitrary code by sending a specially crafted
HTTP request containing format specifiers.

Example:
http://[victim]:8000/content/%n%n%n%n.mp3

The vulnerability has been confirmed in SHOUTcast DNAS/Linux version
1.9.4. Other versions may also be affected.

SOLUTION:
Restrict access or use another product.

PROVIDED AND/OR DISCOVERED BY:
Tomasz Trojanowski and Damian Put.

Comment 1 Luke Macken (RETIRED) gentoo-dev

2004-12-26 08:58:55 UTC


*** This bug has been marked as a duplicate of 75482 ***