Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing /content.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Shoutcast_server | Nullsoft | * | 1.9.5 (including) |
| Shoutcast_server | Nullsoft | 1.7.1 (including) | 1.7.1 (including) |
| Shoutcast_server | Nullsoft | 1.8.2 (including) | 1.8.2 (including) |
| Shoutcast_server | Nullsoft | 1.8.3 (including) | 1.8.3 (including) |
| Shoutcast_server | Nullsoft | 1.8.9 (including) | 1.8.9 (including) |
| Shoutcast_server | Nullsoft | 1.9.2 (including) | 1.9.2 (including) |
| Shoutcast_server | Nullsoft | 1.9.4 (including) | 1.9.4 (including) |
| Shoutcast_server | Nullsoft | 1.9.5 (including) | 1.9.5 (including) |
References
- http://bugs.gentoo.org/show_bug.cgi?id=136721
- http://people.ksp.sk/~goober/advisory/001-shoutcast.html
- http://secunia.com/advisories/20524
- http://security.gentoo.org/glsa/glsa-200607-05.xml
- http://securitytracker.com/id?1016493
- http://www.shoutcast.com/#news
- http://www.vupen.com/english/advisories/2006/2801
- http://bugs.gentoo.org/show_bug.cgi?id=136721
- http://people.ksp.sk/~goober/advisory/001-shoutcast.html
- http://secunia.com/advisories/20524
- http://security.gentoo.org/glsa/glsa-200607-05.xml
- http://securitytracker.com/id?1016493
- http://www.shoutcast.com/#news
- http://www.vupen.com/english/advisories/2006/2801