Debian Security Advisory DSA 1441-1 (peercast) Network Vulnerability

Summary

The remote host is missing an update to peercast announced via advisory DSA 1441-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201441-1

Insight

Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. For the stable distribution (etch), this problem has been fixed in version 0.1217.toots.20060314-1etch0. The old stable distribution (sarge) does not contain peercast. For the unstable distribution (sid), this problem has been fixed in version 0.1218+svn20071220+2. We recommend that you upgrade your peercast packages.

Severity

Classification

CVE CVE-2007-6454
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1045-1 (openvpn)
Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)
Debian Security Advisory DSA 066-1 (cfingerd)
Debian Security Advisory DSA 1009-1 (crossfire)
Debian Security Advisory DSA 042-1 (gnuserv, xemacs21)

Take action and discover your vulnerabilities