Search | Research | Contact Us Sunday June 18, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 eBay And Amazon Still Vulnerable
  5 When Small Mistakes Can Cause Big Problems
  6 Woltlab Burning Board SQL Injection Vulnerability
  7 PEAR XML_RPC Library Remote Code Execution
  8 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
  9 Mambo Multiple Vulnerabilities
10 Multiple Vulnerabilities In phpWebsite
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Format String Vulnerability In Peercast
May 28, 2022
Vendor : peercast.org
URL : http://www.peercast.org/
Version : Peercast 0.1211 And Earlier
Risk : Format String Vulnerability


Description:
Peercast is a popular p2p streaming media server (similar to shoutcast). There is a serious security issue in peercast versions 0.1211 and earlier that may allow for an attacker to execute arbitrary code on the remote target with the privileges of the user running peercast (usually administrator) or crash the vulnerable server. There is an updated version of peercast available and all users should upgrade as soon as possible.


Format String Vulnerability:
There is a very dangerous format string issue in peercast that may allow for an attacker to execute arbitrary code on the remote target with the privileges of the user running peercast or crash the vulnerable server. Below is an example of how this vulnerability can be exploited to crash a vulnerable server.

http://localhost:7144/html/en/index.htm%n

The problem occurs because of the way some error messages are handled. For example in the above example the peercast server receives a malformed request, so the error routine printed the URL, but the error print routine (because it was a printf type function call) then tries to parse the malicious url.


Solution:
Thanks to Giles from Peercast for fixing this issue fast and releasing a patch in just a few hours. Now that is a quick turn around!
http://www.peercast.org/forum/viewtopic.php?p=11596


Credits:
James Bercegay of the GulfTech Security Research Team