PeerCast: Format string vulnerability — GLSA 200506-15

PeerCast suffers from a format string vulnerability that could allow arbitrary code execution.

Affected packages

media-sound/peercast on all architectures
Affected versions < 0.1212
Unaffected versions >= 0.1212

Background

PeerCast is a media streaming system based on P2P technology.

Description

James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL.

Impact

A remote attacker could exploit this vulnerability by sending a request with a specially crafted URL to a PeerCast server to execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All PeerCast users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1212"

References

Release date
June 19, 2005

Latest revision
May 22, 2006: 02

Severity
high

Exploitable
remote

Bugzilla entries