SAINT top bar Go to home page Search this site Contact SAINT Corporation
SAINT logo







 

 

 

 

 

SHOUTcast filename format string vulnerability

Added: 05/17/2006
CVE: CVE-2004-1373
BID: 12096
OSVDB: 12585

Background

SHOUTcast is a streaming audio server based on Winamp.

Problem

A format string vulnerability in SHOUTcast allows remote attackers to execute commands by requesting a MP3 filename containing format string characters such as %n.

Resolution

Upgrade to SHOUTcast 1.9.5 or higher.

References

http://archives.neohapsis.com/archives/bugtraq/2004-12/0366.html

Limitations

Exploit works on SHOUTcast 1.9.4. The exploit may fail on servers using Security Enhanced Linux.

Platforms

Windows 2000
Windows XP
Linux

Back to exploit index
  Copyright SAINT Corporation. All Rights Reserved. Privacy information Legal information Site map