PeerCast procConnectArgs() Function URL Handling Remote Overflow

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server suffers from a buffer overflow vulnerability.

Description :

The version of PeerCast installed on the remote host copies the
supplied option string into a fixed-size buffer without checking its
length. An unauthenticated attacker can leverage this issue to crash
the affected application and possibly to execute arbitrary code on the
remote host, subject to the privileges of the user running PeerCast.

See also :

http://www.securityfocus.com/archive/1/427160/30/0/threaded
http://www.nessus.org/u?ed1ade41

Solution :

Upgrade to PeerCast version 0.1217 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 21041

Bugtraq ID: 17040

CVE ID: CVE-2006-1148