PeerCast servhs.cpp handshakeHTTP Function SOURCE Request Remote Overflow

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a buffer overflow vulnerability.

Description :

The version of PeerCast installed on the remote host fails to check
the length of user-supplied data in its 'handshakeHTTP' function in
'servhs.cpp' before copying it to the 'loginPassword' and 'loginMount'
heap-based buffers. An unauthenticated attacker can leverage this
issue to crash the affected application or execute arbitrary code on
the remote host, subject to the privileges under which PeerCast
operates.

See also :

http://www.securityfocus.com/archive/1/485199/30/0/threaded

Solution :

Upgrade to PeerCast version 0.1218 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 29726 ()

Bugtraq ID: 26899

CVE ID: CVE-2007-6454