Music Daemon File Disclosure Network Vulnerability

Summary

The remote host is running MusicDaemon, a music player running as a server. It is possible to cause the Music Daemon to disclose the content of arbitrary files by inserting them to the list of tracks to listen to. An attacker can list the content of arbitrary files including the /etc/shadow file, as by default the daemon runs under root privileges.

Solution

None at this time

Severity

Classification

CVE CVE-2004-1740

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IlohaMail Readable Configuration Files
McAfee myCIO Directory Traversal
Subversion Module unreadeable path information disclosure
Web Shopper remote file retrieval
Boa file retrieval

Take action and discover your vulnerabilities