| VID |
12065 |
| Severity |
30 |
| Port |
5555 |
| Protocol |
TCP |
| Class |
MUSICD |
| Detailed Description |
The Music daemon is vulnerable to a denial of service attack.
Music daemon (musicd) is a freely available music player for Unix and Linux platforms. Music daemon version 0.0.3 and earlier vulnerable to a denial of service attack. By establishing a connection to the vulnerable system and issuing the LOAD command followed by a specially-crafted SHOWLIST command to load the /dev/random filename as its track list, a remote attacker could cause the Music daemon (musicd) to crash.
* References:
http://www.securiteam.com/unixfocus/5UP0R1PDPA.html
http://packetstormsecurity.nl/0408-exploits/musicDaemon.txt
http://securitytracker.com/id?1011025
* Platforms Affected:
Petri Lahtinen, Music daemon 0.0.3 and earlier
Unix Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Music daemon (0.0.4 or later), available from the SourceForge.net Web site at http://musicdaemon.sourceforge.net/ |
| Related URL |
CVE-2004-1740,CVE-2004-1741 (CVE) |
| Related URL |
11006 (SecurityFocus) |
| Related URL |
17068 (ISS) |
|
