Lucene search
SAINT CorporationSAINT:92921D6A690D3F302B68D14AF9EC8247HistoryMay 17, 2006 - 12:00 a.m.
SHOUTcast filename format string vulnerability
2006-05-1700:00:00
SAINT Corporation
download.saintcorporation.com
22
EPSS
0.972
Percentile
99.8%
Added: 05/17/2006
CVE: CVE-2004-1373
BID: 12096
OSVDB: 12585
Background
SHOUTcast is a streaming audio server based on Winamp.
Problem
A format string vulnerability in SHOUTcast allows remote attackers to execute commands by requesting a MP3 filename containing format string characters such as **%n**.
Resolution
Upgrade to SHOUTcast 1.9.5 or higher.
References
<http://archives.neohapsis.com/archives/bugtraq/2004-12/0366.html>
Limitations
Exploit works on SHOUTcast 1.9.4. The exploit may fail on servers using Security Enhanced Linux.
Platforms
Windows 2000
Windows XP
Linux
Related
saint
saint
SHOUTcast filename format string vulnerability
2006-05-17 00:00:00
SHOUTcast filename format string vulnerability
2006-05-17 00:00:00
SHOUTcast filename format string vulnerability
2006-05-17 00:00:00
cvelist
cvelist
CVE-2004-1373
2005-01-19 05:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200501-04 (Shoutcast-server-bin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-04 (Shoutcast-server-bin)
2008-09-24 00:00:00
gentoo
gentoo
Shoutcast Server: Remote code execution
2005-01-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against SHOUTcast Format String Vulnerability
2006-03-26 00:00:00
SHOUTcast Filename Format String - ver 2 (CVE-2004-1373)
2009-10-18 00:00:00
SHOUTcast Filename Format String (CVE-2004-1373)
2009-10-18 00:00:00
nessus
nessus
GLSA-200501-04 : Shoutcast Server: Remote code execution
2005-02-14 00:00:00
SHOUTcast Server Filename Handling Format String
2004-12-28 00:00:00
exploitdb
exploitdb
SHOUTcast DNAS/Linux 1.9.4 - Format String Remote Overflow
2004-12-23 00:00:00
SHOUTcast 1.9.4 (Windows) - File Request Format String Remote Overflow
2005-02-19 00:00:00
packetstorm
packetstorm
SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow
2009-11-26 00:00:00
cve
cve
CVE-2004-1373
2005-01-19 05:00:00
canvas
canvas
Immunity Canvas: SHOUTCAST_FS
2004-12-23 05:00:00
metasploit
metasploit
SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow
2005-12-26 14:34:22
nvd
nvd
CVE-2004-1373
2004-12-23 05:00:00