PeerCast < 0.1218 servhs.cpp handShakeHTTP Function Remote Overflow

High Nessus Network Monitor Plugin ID 4318

Synopsis

The remote web server suffers from a buffer overflow vulnerability.

Description

The version of PeerCast installed on the remote host fails to properly sanitize user-supplied data passed to the 'handShakeHTTP()' function. An unauthenticated attacker can leverage this issue to crash the affected application and to possibly execute arbitrary code on the remote host subject to the privileges of the user running PeerCast.

Solution

Upgrade to version 0.1218 or higher.

See Also

http://www.peercast.org

Plugin Details

Severity: High

ID: 4318

Family: Web Servers

Published: 2007/12/18

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:peercast:peercast

Reference Information

CVE: CVE-2007-6454

BID: 26899