PeerCast < 0.1218 servhs.cpp handShakeHTTP Function Remote Overflow

High | Nessus Network Monitor Plugin ID 4318

Synopsis

The remote web server suffers from a buffer overflow vulnerability.

Description

The version of PeerCast installed on the remote host fails to properly sanitize user-supplied data passed to the 'handShakeHTTP()' function. An unauthenticated attacker can leverage this issue to crash the affected application and possibly execute arbitrary code on the remote host with the privileges of the user running PeerCast.

Solution

Upgrade to version 0.1218 or higher.

See Also

http://www.peercast.org

Plugin Details

Severity: High

ID: 4318

Family: Web Servers

Published: 12/18/2007

Updated: 3/6/2019

Nessus ID: 29726

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:peercast:peercast

Reference Information

CVE: CVE-2007-6454

BID: 26899