[转载]SHOUTcast Remote Format String Vulnerability
信息来源:[url]http://www.securiteam.com/unixfocus/6Z00M20C1C.html[/url]Summary
SHOUTcast is "Nullsoft's Free WinAMP-based distributed streaming audio system. Thousands of broadcasters around the world are waiting for you to tune in and listen". A format string vulnerability in SHOUTcast allows remote attackers to cause the program to execute arbitrary code.
Details
Vulnerable Systems:
* SHOUTcast version 1.9.4
Remote exploitation of a format string vulnerability could allow execution of arbitrary code.
A part of request, which was sent by attacker to server, would be included in second arg of sprintf() function (0x0804adc3 in Linux binary). It is obviously not good from a security viewpoint. We can crash SHOUTcast in a very easy way, using following request:
[url]http://host:8000/content/%n.mp3[/url]
Or reach remote shell thanks to attached exploit's code.
Exploit:
[url]http://www.eviloctal.com/forum/read.php?tid=6158[/url]
页:
[1]