| Field | Value |
| --- | --- |
| VID | 23099 |
| Severity | 30 |
| Port | 5555 |
| Protocol | TCP |
| Class | MUSICD |
| Detailed Description | The Music daemon has a file disclosure vulnerability in its LOAD command. Music daemon (musicd) is a freely available music player for Unix and Linux platforms. Music daemon version 0.0.3 and earlier could allow a remote attacker to view the contents of arbitrary files, because command arguments are not sufficiently sanitized. By connecting to the vulnerable system and issuing the LOAD command followed by the SHOWLIST command, a remote attacker could view the contents of arbitrary files with the privileges of the Music daemon (musicd) process. References: http://www.securiteam.com/unixfocus/5UP0R1PDPA.html , http://packetstormsecurity.nl/0408-exploits/musicDaemon.txt , http://securitytracker.com/id?1011025 . Platforms Affected: Petri Lahtinen, Music daemon 0.0.3 and earlier; Unix, any version; Linux, any version. |
| Recommendation | Upgrade to the latest version of Music daemon (0.0.4 or later), available from the SourceForge.net Web site at http://musicdaemon.sourceforge.net/ |
| Related URL | CVE-2004-1740 (CVE) |
| Related URL | 11006 (SecurityFocus) |
| Related URL | 17067 (ISS) |