
Test ID: 1.3.6.1.4.1.25623.1.0.14354
Category: Remote file access
Title: Music Daemon File Disclosure
Description:
Summary:
The remote host is running MusicDaemon, a music player that runs as a server.

It is possible to cause the Music Daemon to disclose the
content of arbitrary files by inserting them into the list
of tracks to listen to.

An attacker can read the content of arbitrary files, including the
/etc/shadow file, because by default the daemon runs with root privileges.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 11006
Common Vulnerability Exposure (CVE) ID: CVE-2004-1740
http://www.securityfocus.com/bid/11006
Bugtraq: 20040823 MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit
http://marc.info/?l=bugtraq&m=109329098806595&w=2
XForce ISS Database: musicd-commands-view-files(17067)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17067
Copyright: This script is Copyright (C) 2004 Noam Rathaus





© 1998-2021 E-Soft Inc. All rights reserved.