Plugins Database As of 12-09-2019

Music Daemon File Disclosure

Remote file access
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.14354

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Detection Type:
Remote Vulnerability

Solution Type:
WillNotFix

Recommendations:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Summary:
The remote host is running MusicDaemon, a music player running as a server. It is possible to cause the Music Daemon to disclose the content of arbitrary files by inserting them to the list of tracks to listen to. An attacker can list the content of arbitrary files including the /etc/shadow file, as by default the daemon runs under root privileges.

Search
Severity
Medium
CVSS Score
5.0
Published
2005-11-03 13:08:04
Modified
2019-02-08 14:43:51
CVE
CVE-2004-1740
BID
11006

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.