Lucene search

Gentoo FoundationGLSA-200506-15

HistoryJun 19, 2005 - 12:00 a.m.

PeerCast: Format string vulnerability

2005-06-1900:00:00

Gentoo Foundation

security.gentoo.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.492 Medium

EPSS

Percentile

97.5%

JSON

Background

PeerCast is a media streaming system based on P2P technology.

Description

James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL.

Impact

A remote attacker could exploit this vulnerability by sending a request with a specially crafted URL to a PeerCast server to execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All PeerCast users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-sound/peercast-0.1212"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/peercast< 0.1212UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-sound/peercast	< 0.1212	UNKNOWN

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.492 Medium

EPSS

Percentile

97.5%

JSON

Related for GLSA-200506-15