Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200801-22
HistoryJan 30, 2008 - 12:00 a.m.

PeerCast: Buffer overflow

2008-01-3000:00:00
Gentoo Foundation
security.gentoo.org
12

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.576 Medium

EPSS

Percentile

97.7%

JSON

Background

PeerCast is a client and server for P2P-radio network

Description

Luigi Auriemma reported a heap-based buffer overflow within the “handshakeHTTP()” function when processing HTTP requests.

Impact

A remote attacker could send a specially crafted request to the vulnerable server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the PeerCast server, usually “nobody”.

Workaround

There is no known workaround at this time.

Resolution

All PeerCast users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1218"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/peercast< 0.1218UNKNOWN

Related

openvas 8
cve 1
nessus 5
prion 1
freebsd 1
ubuntucve 1
debian 2
osv 1
securityvulns 2
openvas
openvas
Gentoo Security Advisory GLSA 200801-22 (peercast)
2008-09-24 00:00:00
FreeBSD Ports: peercast
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1441-1)
2008-01-17 00:00:00
cve
cve
CVE-2007-6454
2007-12-20 00:46:00
nessus
nessus
Debian DSA-1441-1 : peercast - buffer overflow
2007-12-31 00:00:00
PeerCast servhs.cpp handshakeHTTP Function SOURCE Request Remote Overflow
2007-12-18 00:00:00
FreeBSD : peercast -- buffer overflow vulnerability (31435fbc-ae73-11dc-a5f9-001a4d49522b)
2007-12-24 00:00:00
prion
prion
Heap overflow
2007-12-20 00:46:00
freebsd
freebsd
peercast -- buffer overflow vulnerability
2007-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2007-6454
2007-12-20 00:00:00
debian
debian
[SECURITY] [DSA 1441-1] New peercast packages fix arbitrary code execution
2007-12-28 16:31:08
[SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities
2008-05-20 17:32:39
osv
osv
gnome-peercast - several vulnerabilities
2008-05-20 00:00:00
securityvulns
securityvulns
Peercast buffer overflow
2008-05-22 00:00:00
[SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities
2008-05-22 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.576 Medium

EPSS

Percentile

97.7%

JSON
Related for GLSA-200801-22
openvas8cve1nessus5prion1freebsd1ubuntucve1debian2osv1securityvulns2