<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-04">
<title>Shoutcast Server: Remote code execution</title>
Shoutcast Server contains a possible buffer overflow that could lead to the
execution of arbitrary code.
<product type="ebuild">Shoutcast-server-bin</product>
<announced>January 05, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="media-sound/shoutcast-server-bin" auto="yes" arch="*">
<unaffected range="ge">1.9.5</unaffected>
<vulnerable range="le">1.9.4-r1</vulnerable>
Shoutcast Server is Nullsoft's streaming audio server. It runs on a
variety of platforms, including Linux, and is extremely popular with
Internet broadcasters.
Part of the Shoutcast Server Linux binary has been found to improperly
handle sprintf() parsing.
<impact type="normal">
A malicious attacker could send a specially formatted URL request to the
Shoutcast Server. This request would either crash the server process or
result in the execution of arbitrary code.
There is no known workaround at this time.
All Shoutcast Server users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-sound/shoutcast-server-bin-1.9.5&quot;</code>
<uri link="">BugTraq Announcement</uri>
<uri link="">CVE-2004-1373</uri>
<metadata tag="requester" timestamp="Wed, 29 Dec 2004 14:31:08 +0000">
<metadata tag="bugReady" timestamp="Tue, 4 Jan 2005 19:23:19 +0000">
<metadata tag="submitter" timestamp="Tue, 4 Jan 2005 20:51:10 +0000">