FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

peercast -- buffer overflow vulnerability

Affected packages
peercast < 0.1218

Details

VuXML ID 31435fbc-ae73-11dc-a5f9-001a4d49522b
Discovery 2007-12-17
Entry 2007-12-19
Modified 2010-05-12

Luigi Auriemma reports that peercast is vulnerable to a buffer overflow which could lead to a DoS or potentially remote code execution:

"The handshakeHTTP function which handles all the requests received by the other clients is vulnerable to a heap overflow which allows an attacker to fill the loginPassword and loginMount buffers located in the Servent class with how much data he wants."

References

CVE Name CVE-2007-6454
URL http://aluigi.altervista.org/adv/peercasthof-adv.txt
URL http://secunia.com/advisories/28120/