| VID |
23151 |
| Severity |
40 |
| Port |
8000 |
| Protocol |
TCP |
| Class |
SHOUTcast |
| Detailed Description |
The SHOUTcast Server, according to its banner, has a format string vulnerability. Nullsoft SHOUTcast Server is a streaming audio server. SHOUTcast Server version 1.9.4 and earlier versions are vulnerable to a format string attack. The vulnerability is exposed when the server attempts to handle a client request for a file. A remote attacker could exploit this vulnerability to cause the affected server to crash or execute arbitrary code on the system.
* Note: This check solely relied on the banner of the remote SHOUTcast server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-12/0366.html
* Platforms Affected:
Nullsoft, Inc., SHOUTcast Server version 1.9.4 and earlier versions
Microsoft Windows Any version
Linux Any version
Apple Mac OS 10.x |
| Recommendation |
Upgrade to the latest version of SHOUTcast (1.9.5 or later), available from the SHOUTcast Web site at http://www.shoutcast.com |
| Related URL |
CVE-2004-1373 (CVE) |
| Related URL |
12096 (SecurityFocus) |
| Related URL |
18669 (ISS) |
|
