PeerCast servhs.cpp handshakeHTTP Function SOURCE Request Remote Overflow

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a buffer overflow vulnerability.

Description :

The version of PeerCast installed on the remote host fails to check
the length of user-supplied data in its 'handshakeHTTP' function in
'servhs.cpp' before copying it to the 'loginPassword' and 'loginMount'
heap-based buffers. An unauthenticated attacker can leverage this
issue to crash the affected application or execute arbitrary code on
the remote host, subject to the privileges under which PeerCast

See also :

Solution :

Upgrade to PeerCast version 0.1218 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 29726 ()

Bugtraq ID: 26899

CVE ID: CVE-2007-6454

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now