HTTP: Shoutcast Format String Attack

This signature detects attempts to exploit a known vulnerability in the Shoutcast streaming audio server. Attackers can gain complete control of the target host.

Extended Description

Nullsoft SHOUTcast is prone to a remotely exploitable format string vulnerability. The vulnerability is exposed when the server attempts to handle a client request for a file. Successful exploitation may allow execution of arbitrary code in the context of the server process. This could also be exploited to crash the server and, possibly, to read process memory (which could increase reliability of an exploit). This issue was reported to exist in version 1.9.4 on Linux. It is likely that versions for other platforms are also affected by the vulnerability, though it is not known to what degree they are exploitable. Earlier versions of the software are also likely affected.

Affected Products

Nullsoft shoutcast_server

Short Name
HTTP:EXPLOIT:SHOUTCAST-FMT-STR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Attack CVE-2004-1373 Format Shoutcast String bid:12096
Release Date
01/05/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3679
False Positive
Occasionally
Vendors

Nullsoft

CVSS Score

7.5
