Source:
http://www.securiteam.com/unixfocus/6Z00M20C1C.html
Summary
SHOUTcast is "Nullsoft's Free WinAMP-based distributed streaming audio system. Thousands of broadcasters around the world are waiting for you to tune in and listen". A format string vulnerability in SHOUTcast allows remote attackers to cause the program to execute arbitrary code.
Details
Vulnerable Systems:
* SHOUTcast version 1.9.4
Remote exploitation of a format string vulnerability could allow execution of arbitrary code.
Part of the request sent by an attacker to the server is passed as the second argument (the format string) of the sprintf() function (at 0x0804adc3 in the Linux binary), so any format directives in the request are interpreted by the server. SHOUTcast can be crashed very easily with the following request:
http://host:8000/content/%n.mp3
A remote shell can also be obtained using the attached exploit code.
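The sprintf() flaw described above, shown as an added example that is not SHOUTcast source code: the flawed call pattern (compiled only with -DSHOW_VULNERABLE) beside a hardened form, plus a check that flags the crash request in logs. All function names are hypothetical and the sample paths are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical function names; constructed example, not SHOUTcast source. */

#ifdef SHOW_VULNERABLE
/* Flawed pattern: request text reaches sprintf() as its second argument
 * (the format), so a directive such as %n in the URL is interpreted. */
static void log_request_vulnerable(char *out, const char *req_path)
{
    sprintf(out, req_path);
}
#endif

/* Hardened form: constant format string, request text passed only as data,
 * output bounded. Returns 0 on success, -1 if the result did not fit. */
int log_request_safe(char *out, size_t outlen, const char *req_path)
{
    int n = snprintf(out, outlen, "GET %s", req_path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Log/filter check: returns 1 if the path holds a '%' that is not a valid
 * two-hex-digit URL escape (as in "%n.mp3"). Directives that also parse
 * as URL escapes are not caught, so this supplements the fix above. */
int has_invalid_percent(const char *path)
{
    for (const char *p = path; *p; p++) {
        if (*p != '%')
            continue;
        if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
            return 1;
        p += 2; /* skip the two hex digits of a valid escape */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample paths: the advisory's request and a benign one. */
    const char *samples[] = { "/content/%n.mp3", "/content/live%20set.mp3" };
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = log_request_safe(line, sizeof line, samples[i]);
        printf("%-26s suspicious=%d logged=%s\n", samples[i],
               has_invalid_percent(samples[i]), rc == 0 ? line : "(truncated)");
    }
    return 0;
}
```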
Exploit:
http://www.eviloctal.com/forum/read.php?tid=6158