Title: AnalogX SimpleServer:Shout Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
SimpleServer:Shout is a multithreaded streaming mp3 server by AnalogX.
An exploitable buffer overflow has been reported in SimpleServer:Shout, which could enable a remote user to execute arbitrary commands as the Shout daemon.
This is reportedly possible by submitting a malformed request to the target host on TCP port 8001. A request consisting of approximately 348 or more consecutive characters followed by two carriage returns will cause a write access violation error in the application.
If the violation error message is manually closed, the process will be terminated. If the error message box is not closed, continuing to receive the offending request will cause numerous violation error messages to appear. As a result, the system will become unresponsive, and it may be possible to overwrite stack variables, including the return address, possibly to execute arbitrary code with SYSTEM privileges. The service can also be made to crash by excessive amounts of data that have not been specifically designed to cause code execution.
Different application errors (Write Access Violation and Watcom Memory Error) have been reported to occur, depending on the number of bytes sent in a request.
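As an added detection example (not part of the original advisory and not a vendor signature), the following Python checks request payloads bound for TCP port 8001 for an unbroken run of 348 or more bytes. The record layout, function names, severity labels and sample data are assumptions made for illustration, as is treating "two carriage returns" as either CR CR or CRLF CRLF on the wire.

```python
import re

SHOUT_PORT = 8001        # TCP port named in the advisory
LENGTH_THRESHOLD = 348   # approximate length from the advisory; tune for your traffic

# Assumption: "two carriage returns" may appear as CR CR or CRLF CRLF.
_TERMINATOR = re.compile(rb"\r\n\r\n|\r\r")
_LINE_BREAK = re.compile(rb"[\r\n]+")


def longest_unbroken_run(payload: bytes) -> int:
    """Length of the longest run of bytes containing no CR or LF."""
    return max(len(part) for part in _LINE_BREAK.split(payload))


def inspect_request(dst_port: int, payload: bytes):
    """Return a finding dict for a suspicious request, or None."""
    if dst_port != SHOUT_PORT:
        return None
    run = longest_unbroken_run(payload)
    if run < LENGTH_THRESHOLD:
        return None
    terminated = _TERMINATOR.search(payload) is not None
    # A terminated oversized request matches the advisory's description;
    # an unterminated one may be a fragment or bulk data that crashes the service.
    return {
        "run_length": run,
        "terminated": terminated,
        "severity": "high" if terminated else "medium",
    }


def scan(records):
    """records: iterable of (src, dst_port, payload). Returns a list of findings."""
    findings = []
    for src, dst_port, payload in records:
        hit = inspect_request(dst_port, payload)
        if hit:
            findings.append({"src": src, **hit})
    return findings


# Constructed sample records (not captured traffic); documentation-range addresses.
SAMPLE = [
    ("192.0.2.10", 8001, b"short request\r\n\r\n"),
    ("192.0.2.66", 8001, b"A" * 400 + b"\r\r"),
    ("192.0.2.67", 8001, b"B" * 2000),
    ("192.0.2.68", 80, b"C" * 400 + b"\r\n\r\n"),
]
```

Calling `scan(SAMPLE)` returns findings for the second and third records only; the threshold is approximate per the advisory, so expect to adjust it against legitimate traffic.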
Affected Products:
- AnalogX SimpleServer:Shout 1.0.0
References:
- AnalogX: SimpleServer:Shout Homepage