[11490] in bugtraq


Winamp SHOUTcast server: Gain Administrator Password

daemon@ATHENA.MIT.EDU (Michael)
Sun Aug 22 22:15:39 1999

Message-Id:  <Pine.BSO.4.10.9908200147030.19431-100000@counselor.dahphish.org>
Date:         Fri, 20 Aug 1999 02:19:39 -0700
Reply-To: Michael <arrow@DAHPHISH.ORG>
From: Michael <arrow@DAHPHISH.ORG>
X-To:         BUGTRAQ@SECURITYFOCUS.COM, webmaster@nullsoft.com
To: BUGTRAQ@SECURITYFOCUS.COM

Greetings Bugtraq, this is my first posting of an advisory, so go easy on me =)

I was recently setting up a Nullsoft SHOUTcast server to relay some
content when I noticed the Administrator password is stored in plain text in
the configuration file (./sc_serv.conf by default).

The password is also LOGGED when the web based administration tool is
used. It can be obtained by simply grep'ing the logfile output. The
offending line is here:
<08/20/99@06:11:41> [http:1 my.computer.com] REQ:"/admin.cgi?pass=joltcola&mode=viewlog" (Mozilla/4.0 (compatible; MSIE 5.0; Windows 98))

Obtaining the Administrator password allows administration via the web
based system, as well as hijacking the content stream going out to
listeners.

A quick fix would be to simply chmod the log and config files to prevent world
reading. Nullsoft should of course parse their log output for sensitive
data, and possibly look into UNIX crypt() for its passwords.


    -arr0w

---
Mike Damm       http://www.dahphish.org/~arrow/
arrow@nakedhackers.net     arrow@alphalinux.org
Sometimes I think windows calls DevideByZero();
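The two mitigations the post proposes (scrub credentials out of the log, and check that the log and config are not world-readable) as an added example; this is not the author's or Nullsoft's code, the log lines are constructed after the format quoted above, and the function names are assumptions.

```python
import os
import re
import stat
from urllib.parse import parse_qs, urlsplit

# Matches the REQ:"..." field of a SHOUTcast access-log line as quoted in the post.
REQ_RE = re.compile(r'REQ:"(?P<path>[^"]*)"')

# Query parameters whose values must never reach the log (assumed names).
SENSITIVE_PARAMS = {"pass", "password"}

# Constructed sample lines modelled on the line quoted in the post; not a real log.
SAMPLE_LOG = """\
<08/20/99@06:11:41> [http:1 my.computer.com] REQ:"/admin.cgi?pass=joltcola&mode=viewlog" (Mozilla/4.0 (compatible; MSIE 5.0; Windows 98))
<08/20/99@06:12:02> [http:2 my.computer.com] REQ:"/index.html" (Mozilla/4.0)
<08/20/99@06:13:10> [http:3 my.computer.com] REQ:"/admin.cgi?mode=viewlog&pass=joltcola" (Mozilla/4.0)
"""


def redact_line(line: str) -> str:
    """Return the log line with every sensitive query-parameter value masked."""
    def _mask(m):
        parts = urlsplit(m.group("path"))
        if not parts.query:
            return m.group(0)            # no query string, nothing to scrub
        pairs = []
        for kv in parts.query.split("&"):
            k, sep, v = kv.partition("=")
            pairs.append(k + sep + ("[REDACTED]" if sep and k in SENSITIVE_PARAMS else v))
        return 'REQ:"%s?%s"' % (parts.path, "&".join(pairs))
    return REQ_RE.sub(_mask, line)


def leaked_requests(log_text: str) -> list:
    """Return (timestamp, parameter) for each line that carries a credential in its query string."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group("path")).query)
        for p in sorted(SENSITIVE_PARAMS & set(qs)):
            ts = line[1:line.index(">")] if line.startswith("<") else ""
            hits.append((ts, p))
    return hits


def mode_is_world_readable(mode: int) -> bool:
    """True if a st_mode value grants read to 'other' (the chmod check from the post)."""
    return bool(mode & stat.S_IROTH)


def file_is_world_readable(path: str) -> bool:
    """Apply the check to a real file such as sc_serv.conf or the log."""
    return mode_is_world_readable(os.stat(path).st_mode)
```

Run leaked_requests() over an existing log to find lines that need rotating out, and redact_line() on the way into the log to keep new ones clean.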
