| VID | 27338 |
| Severity | 40 |
| Port | 7144 |
| Protocol | TCP |
| Class | P2P |
| Detailed Description |
According to its banner, the PeerCast HTTP server has a format string vulnerability. PeerCast is a peer-to-peer (P2P) software package for Microsoft Windows, Mac OS X and Linux-based operating systems that lets users broadcast streaming media. PeerCast version 0.1211 and earlier versions could allow a remote attacker to execute arbitrary code on the affected system because of a format string error in the processing of HTTP requests. A remote attacker could exploit this by sending a specially crafted request for a malformed URL to port 7144.
* Note: This check relies solely on the banner of the HTTP server to assess this vulnerability, so the result might be a false positive.
* References:
  * http://www.gulftech.org/?node=research&article_id=00077-05282005
  * http://secunia.com/advisories/15536/
  * http://archives.neohapsis.com/archives/bugtraq/2005-05/0335.html
  * http://www.securiteam.com/securitynews/5KP0U0AFQA.html
* Platforms Affected:
  * peercast.org, PeerCast version 0.1211 and earlier versions
  * Apple Mac OS: Any version
  * Linux: Any version
  * Microsoft Windows: Any version |
| Recommendation |
If P2P file-sharing programs are not allowed at your organization, uninstall the program.
-- OR --
Upgrade to the latest version of PeerCast (0.1212 or later), available from the PeerCast Download Web site at http://www.peercast.org/download.php |
| Related URL | CVE-2005-1806 (CVE) |
| Related URL | 13808 (SecurityFocus) |
| Related URL | 20814 (ISS) |