FreeBSD : peercast -- buffer overflow vulnerability (31435fbc-ae73-11dc-a5f9-001a4d49522b)
Critical Nessus Plugin ID 29770
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Luigi Auriemma reports that peercast is vulnerable to a buffer overflow which could lead to a DoS or potentially remote code execution:
The handshakeHTTP function which handles all the requests received by the other clients is vulnerable to a heap overflow which allows an attacker to fill the loginPassword and loginMount buffers located in the Servent class with how much data he wants.
Solution
Update the affected package.