Summary
The remote host is running MusicDaemon, a music player running as a server.
It is possible to cause the Music Daemon to disclose the content of arbitrary files by inserting them to the list of tracks to listen to.
An attacker can list the content of arbitrary files including the /etc/shadow file, as by default the daemon runs under root privileges.
Solution
None at this time
Severity
Classification
-
CVE CVE-2004-1740 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities