Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - SHOUTCAST <= 1.9.4 Vulnerability, Exploit Available InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SHOUTCAST <= 1.9.4 Vulnerability, Exploit Available

Published: 2006-01-30
Last Updated: 2006-01-30 02:08:28 UTC
by Erik Fichtner (Version: 2)
0 comment(s)
On December 26, 2004, Secunia released an advisory regarding a vulnerabilty in Shoutcast.  We've received a report about a few sites detecting odd log entries that fit the vulnerability description, with corresponding server crashes over the past few days.  An exploit was published yesterday.  The solution is to update to the latest version (v.1.9.5).  The advisory is available at Secunia.

Updated to correct the original vulnerability publication date.  This is an old hole, but there seem to be a number of people still running vulnerable versions.  The exploit is new, and if you're running a SHOUTcast server, check your version. 

The default port for SHOUTcast is 8000--Dshield shows a spike in targets on the 14th and more recently.



-db

Dave Brookshire (http://parapet.net)
Handler-on-Duty

Keywords:
0 comment(s)
Diary Archives