lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4298D246.2040501@gulftech.org>
Date: Sat, 28 May 2005 15:19:18 -0500
From: GulfTech Security Research <security@...ftech.org>
To: Secunia Research <vuln@...unia.com>,
	BugTraq <bugtraq@...urityfocus.com>, OSVDB <moderators@...db.org>
Subject: Format String Vulnerability In Peercast 0.1211 And Earlier


##########################################################
# GulfTech Security Research            May 28th, 2005
##########################################################
# Vendor  : peercast.org
# URL     : http://www.peercast.org/
# Version : Peercast 0.1211 And Earlier
# Risk    : Format String Vulnerability
##########################################################



Description:
Peercast is a popular p2p streaming media server (similar to
shoutcast). There is a serious security issue in peercast versions
0.1211 and earlier that may allow for an attacker to execute
arbitrary code on the remote target with the privileges of the user
running peercast (usually administrator) or crash the vulnerable
server. There is an updated version of peercast available and all
users should upgrade as soon as possible.



Format String Vulnerability:
There is a very dangerous format string issue in peercast that may
allow for an attacker to execute arbitrary code on the remote target
with the privileges of the user running peercast or crash the
vulnerable server. Below is an example of how this vulnerability can be
exploited to crash a vulnerable server.

http://localhost:7144/html/en/index.htm%n

The problem occurs because of the way some error messages are handled.
For example in the above example the peercast server receives a malformed
request, so the error routine printed the URL, but the error print
routine (because it was a printf type function call) then tries to parse
the malicious url.



Solution:
Thanks to Giles from Peercast for fixing this issue fast and releasing a
patch in just a few hours. Now that is a quick turn around!
http://www.peercast.org/forum/viewtopic.php?p=11596



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00077-05282005



Credits:
James Bercegay of the GulfTech Security Research Team


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ