PeerCast servhs.cpp handshakeHTTP Function SOURCE Request Remote Overflow

High Nessus Plugin ID 29726

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

The version of PeerCast installed on the remote host fails to check the length of user-supplied data in its 'handshakeHTTP' function in 'servhs.cpp' before copying it to the 'loginPassword' and 'loginMount' heap-based buffers. An unauthenticated attacker can leverage this issue to crash the affected application or execute arbitrary code on the remote host, subject to the privileges under which PeerCast operates.

Solution

Upgrade to PeerCast version 0.1218 or later.

See Also

http://www.securityfocus.com/archive/1/485199/30/0/threaded

Plugin Details

Severity: High

ID: 29726

File Name: peercast_01218.nasl

Version: $Revision: 1.12 $

Type: remote

Published: 2007/12/18

Modified: 2012/12/13

Dependencies: 18418

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:peercast:peercast

Required KB Items: PeerCast/installed

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2007-6454

BID: 26899

CWE: 119