Detections
Analytics

PeerCast URL Error Message Format String

high Nessus Plugin ID 18417

Language:

Synopsis

The remote peer-to-peer application is affected by a format string vulnerability.

Description

The version of PeerCast installed on the remote host suffers from a format string vulnerability. An attacker can issue requests containing format specifiers that will crash the server and potentially permit arbitrary code execution subject to privileges of the user under which the affected application runs.

Solution

Upgrade to PeerCast 0.1212 or later.

See Also

http://www.gulftech.org/?node=research&article_id=00077-05282005

https://seclists.org/bugtraq/2005/May/334

http://www.nessus.org/u?a0438223

Plugin Details

Severity: High

ID: 18417

File Name: peercast_format_string.nasl

Version: 1.15

Type: remote

Published: 6/6/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: PeerCast/installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/28/2005

Reference Information

CVE: CVE-2005-1806

BID: 13808