PeerCast 0.12 - HandshakeHTTP Multiple Buffer Overflow Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114096 漏洞类型 Boundary Condition Error
发布时间 2007-12-17 更新时间 2008-05-21
CVE编号 CVE-2007-6454 CNNVD-ID N/A
漏洞平台 Linux CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/30894
https://www.securityfocus.com/bid/26899
https://cxsecurity.com/issue/WLB-2007120052
|漏洞详情
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
|漏洞EXP
source: http://www.securityfocus.com/bid/26899/info

PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect PeerCast 0.12.17, SVN 334 and prior versions.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30894.zip
|受影响的产品
peercast.org PeerCast 0.1212 peercast.org PeerCast 0.1211 peercast.org PeerCast SVN 344 peercast.org PeerCast 0.1217 peercast.org PeerCast 0.1215 Gentoo Linux
|参考资料
resource:Exploit
hyperlink:http://aluigi.altervista.org/adv/peercasthof-adv.txt
resource:
hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457300
resource:
hyperlink:http://bugs.gentoo.org/show_bug.cgi?id=202747
resource:
hyperlink:http://securityreason.com/securityalert/3461
resource:
hyperlink:http://www.debian.org/security/2007/dsa-1441
resource:
hyperlink:http://www.debian.org/security/2008/dsa-1583
resource:
hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200801-22.xml
resource:Exploit
hyperlink:http://www.securityfocus.com/archive/1/archive/1/485199/100/0/threaded
resource:Exploit
hyperlink:http://www.securityfocus.com/bid/26899
resource:
hyperlink:http://www.vupen.com/english/advisories/2007/4246
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/39075