Gentoo Security Advisory GLSA 200607-05 (shoutcast) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200607-05.

Solution

All SHOUTcast server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-sound/shoutcast-server-bin-1.9.7' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-05 http://bugs.gentoo.org/show_bug.cgi?id=136721 http://bugs.gentoo.org/show_bug.cgi?id=136221 http://people.ksp.sk/~goober/advisory/001-shoutcast.html http://secunia.com/advisories/20524/

Insight

The SHOUTcast server is vulnerable to a file disclosure vulnerability and multiple XSS vulnerabilities.

Severity

Classification

CVE CVE-2006-3007, CVE-2006-3534, CVE-2006-3535

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200408-15 (tomcat)
Gentoo Security Advisory GLSA 200409-09 (mit-krb5)
Gentoo Security Advisory GLSA 200407-15 (opera)
Gentoo Security Advisory GLSA 200404-03 (tcpdump)
Gentoo Security Advisory GLSA 200407-01 (esearch)

Take action and discover your vulnerabilities