Music daemon musicd Multiple Command Remote DoS

2004-08-23T12:24:54
ID OSVDB:9114
Type osvdb
Reporter Tal0n(cyber_talon@hotmail.com)
Modified 2004-08-23T12:24:54

Description

Vulnerability Description

Music daemon 'musicd' contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a LOAD command followed by a specially crafted SHOWLIST command to the server which crashes the daemon, and will result in loss of availability for the server.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: do not run musicd under root privileges and do not allow access to the service from untrusted machines

Short Description

Music daemon 'musicd' contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a LOAD command followed by a specially crafted SHOWLIST command to the server which crashes the daemon, and will result in loss of availability for the server.

References:

Vendor URL: http://musicdaemon.sourceforge.net Security Tracker: 1011025 Related OSVDB ID: 9113 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0312.html ISS X-Force ID: 17068 CVE-2004-1741 Bugtraq ID: 11006