|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-04] Shoutcast Server: Remote code execution Vulnerability Scan
Vulnerability Scan Summary Shoutcast Server: Remote code execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-04
(Shoutcast Server: Remote code execution)
Part of the Shoutcast Server Linux binary has been found to
improperly handle sprintf() parsing.
Impact
A malicious attacker could send a formatted URL request to the
Shoutcast Server. This formatted URL would cause either the server
process to crash, or the execution of arbitrary code.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/archive/1/385350
Solution:
All Shoutcast Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.5"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|