CVE-2003-1174
published 2003-12-31CVE-2003-1174: Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2)…
PriorityP413low2.1CVSS 2.0
AVLACLAuNCNINAP
EXPLOIT
EPSS
1.16%
63.1th percentile
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nullsoft | shoutcast_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (1)
exploitdb·2003-11-03
CVE-2003-1174 Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (1)
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (1)
---
source: https://www.securityfocus.com/bid/8954/info
Nullsoft SHOUTcast Server is prone to a memory corruption vulnerability that may lead to denial of service attacks or code execution. This is due to insufficient bounds checking of server commands supplied by authenticated users, specifically icy-name and icy-url.
This issue was reported in SHOUTcast 1.9.2 on Windows platforms. Other versions and platforms may also be affected.
#test under gentoo linux ,exec it python shoutexp.py 192.168.0.1
#code by airsupply_at_0x557.org
#thx all sst members
import socket,string,base64
import sys
import telnetlib
import time
t_ip=sys.argv[1]
print t_ip
try:
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((t_ip,800
Exploit-DB
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (2)
exploitdb·2003-11-03
CVE-2003-1174 Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (2)
Nullsoft SHOUTcast 1.9.2 - 'icy-name/icy-url' Memory Corruption (2)
---
// source: https://www.securityfocus.com/bid/8954/info
Nullsoft SHOUTcast Server is prone to a memory corruption vulnerability that may lead to denial of service attacks or code execution. This is due to insufficient bounds checking of server commands supplied by authenticated users, specifically icy-name and icy-url.
This issue was reported in SHOUTcast 1.9.2 on Windows platforms. Other versions and platforms may also be affected.
/* _ ________ _____ ______
*
* oseen_shoucast.c( public version) - SHOUTcast v1.9.2 remote exploit / \ / "fuck mm"
* by exworm of oseen (www.oseen.org) \/
* con back exploit
* bash-2.05b# ./oseen_shoutcast -t 2 -h XXX.XXX.XXX.XXX
* SHOUTcast v1.9.2 remote exploit by exworm of 0seen
* --
No writeups or analysis indexed.
http://secunia.com/advisories/10146http://securitytracker.com/id?1008080http://www.osvdb.org/2776http://www.securityfocus.com/archive/1/343177http://www.securityfocus.com/bid/8954https://exchange.xforce.ibmcloud.com/vulnerabilities/13586http://secunia.com/advisories/10146http://securitytracker.com/id?1008080http://www.osvdb.org/2776http://www.securityfocus.com/archive/1/343177http://www.securityfocus.com/bid/8954https://exchange.xforce.ibmcloud.com/vulnerabilities/13586
2003-12-31
Published