SHOUTcast Server Filename Handling Format String

high Nessus Plugin ID 16064

Synopsis

The remote streaming audio server is vulnerable to a format string attack.

Description

According to its banner, the version of SHOUTcast Server installed on the remote host is earlier than 1.9.5. Such versions fail to validate requests containing format string specifiers before using them in a call to 'sprintf()'. An unauthenticated, remote attacker may be able to exploit this issue to execute arbitrary code on the remote host.

Solution

Upgrade to SHOUTcast 1.9.5 or later.

See Also

https://seclists.org/bugtraq/2004/Dec/363

Plugin Details

Severity: High

ID: 16064

File Name: shoutcast_fmt_string.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 12/28/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:nullsoft:shoutcast_server

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/23/2004

Exploitable With

CANVAS (CANVAS)

Metasploit (SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow)

Reference Information

CVE: CVE-2004-1373

BID: 12096