CVE-2005-1806 - Unspecified vulnerability in Peercast

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, peercast, nessus, exploit available

Summary

Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.

Vulnerable Configurations

Part         Description  Count
Application  Peercast     1

Exploit-Db

  • description: PeerCast <= 0.1211 Remote Format String Exploit. CVE-2005-1806. Remote exploit for linux platform
    id: EDB-ID:1055
    last seen: 2016-01-31
    modified: 2005-06-20
    published: 2005-06-20
    reporter: darkeagle
    source: https://www.exploit-db.com/download/1055/
    title: PeerCast <= 0.1211 - Remote Format String Exploit
  • description: Peercast < 0.1211 - Format String. CVE-2005-1806. Dos exploit for Windows platform
    id: EDB-ID:43826
    last seen: 2018-01-24
    modified: 2015-05-28
    published: 2015-05-28
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/43826/
    title: Peercast < 0.1211 - Format String

Nessus

  • NASL family: Peer-To-Peer File Sharing
    NASL id: PEERCAST_FORMAT_STRING.NASL
    description: The version of PeerCast installed on the remote host suffers from a format string vulnerability. An attacker can issue requests containing format specifiers that will crash the server and potentially permit arbitrary code execution subject to privileges of the user under which the affected application runs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18417
    published: 2005-06-06
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18417
    title: PeerCast URL Error Message Format String
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description) {
      script_id(18417);
      script_version("1.15");
    
      script_cve_id("CVE-2005-1806");
      script_bugtraq_id(13808);
    
      script_name(english:"PeerCast URL Error Message Format String");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote peer-to-peer application is affected by a format string
    vulnerability." );
     script_set_attribute(attribute:"description", value:
    "The version of PeerCast installed on the remote host suffers from a
    format string vulnerability.  An attacker can issue requests
    containing format specifiers that will crash the server and
    potentially permit arbitrary code execution subject to privileges of
    the user under which the affected application runs." );
     script_set_attribute(attribute:"see_also", value:"http://www.gulftech.org/?node=research&article_id=00077-05282005" );
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/May/334" );
     # http://web.archive.org/web/20071106134310/http://www.peercast.org/forum/viewtopic.php?p=11596
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0438223" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to PeerCast 0.1212 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/06");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/28");
     script_cvs_date("Date: 2018/11/15 20:50:24");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
     
      script_summary(english:"Checks for format string vulnerability in PeerCast");
      script_category(ACT_MIXED_ATTACK);
      script_family(english:"Peer-To-Peer File Sharing");
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_dependencies("peercast_installed.nasl");
      script_require_keys("PeerCast/installed");
      script_require_ports("Services/www", 7144, 7145);
    
      exit(0);
    }
    
    
    if (!get_kb_item("PeerCast/installed")) exit(0);
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    list = get_kb_list("PeerCast/*/version");
    if (isnull(list)) exit(0);
    
    foreach key (keys(list))
    {
      port = key - "PeerCast/" - "/version";
      ver = list[key];
    
      if (get_port_state(port))
      {
        # If safe checks are enabled...
        if (safe_checks())
        {
          # Check the version.
          vuln = FALSE;
    
          if (ver =~ "^[0-9]\.[0-9]+$")
          {
            iver = split(ver, sep:'.', keep:FALSE);
            for (i=0; i<max_index(iver); i++)
              iver[i] = int(iver[i]);
    
            if (iver[0] == 0 && iver[1] < 1212) vuln = TRUE;
          }
          else if (report_paranoia > 1) vuln = TRUE;
    
          if (vuln)
          {
            report = string(
              "According to its Server response header, the version of PeerCast on the\n",
              "remote host is :\n",
              "\n",
              "  ", ver, "\n"
            );
            security_hole(port:port, extra:report);
            break;
          }
        }
        # Otherwise...
        else
        {
          # Make sure the server's up.
          if (http_is_dead(port:port)) exit(1, "The web server is dead");
    
          # Try to crash it.
          r = http_send_recv3(method:"GET",item:"/html/en/index.htm%n", port:port);
          # There's a problem if the server's down.
          if (http_is_dead(port:port))
          {
            security_hole(port);
            exit(0);
          }
        }
      }
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200506-15.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200506-15 (PeerCast: Format string vulnerability). James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL. Impact: A remote attacker could exploit this vulnerability by sending a request with a specially crafted URL to a PeerCast server to execute arbitrary code. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18530
    published: 2005-06-20
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18530
    title: GLSA-200506-15 : PeerCast: Format string vulnerability