PeerCast URL Error Message Format String

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote peer-to-peer application is affected by a format string
vulnerability.

Description :

The version of PeerCast installed on the remote host suffers from a
format string vulnerability. An attacker can issue requests
containing format specifiers that will crash the server and
potentially permit arbitrary code execution subject to privileges of
the user under which the affected application runs.

See also :

http://www.gulftech.org/?node=research&article_id=00077-05282005
http://archives.neohapsis.com/archives/bugtraq/2005-05/0335.html
http://www.nessus.org/u?a0438223

Solution :

Upgrade to PeerCast 0.1212 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 18417 ()

Bugtraq ID: 13808

CVE ID: CVE-2005-1806